| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-45300 | Bypassing promo code limitations with race conditions | alfio-event | alf.io | High | 7.5 | 2024-09-06 13:02:21 | Deep Dive |
| CVE-2024-45299 | alf.io's preloaded data as json is not escaped correctly | alfio-event | alf.io | Medium | 6.5 | 2024-09-06 13:00:47 | Deep Dive |
| CVE-2024-25634 | IDOR make user can read e-mail log sent by other events | alfio-event | alf.io | High | 7.2 | 2024-02-19 19:53:53 | Deep Dive |
| CVE-2024-25635 | IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS | alfio-event | alf.io | High | 8.8 | 2024-02-19 19:48:10 | Deep Dive |
| CVE-2024-25627 | Cross-Site Scripting (XSS) via File Upload in Alf.io | alfio-event | alf.io | Low | 3.5 | 2024-02-16 20:27:58 | Deep Dive |
| CVE-2024-25628 | Insufficient Session Expiration in alf.io | alfio-event | alf.io | High | 7.6 | 2024-02-16 20:23:45 | Deep Dive |
| CVE-2023-2258 | Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io | alfio-event | alfio-event/alf.io | 高危 | - | 2023-04-24 00:00:00 | Deep Dive |
| CVE-2023-2259 | Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io | alfio-event | alfio-event/alf.io | 高危 | - | 2023-04-24 00:00:00 | Deep Dive |
| CVE-2023-2260 | Authorization Bypass Through User-Controlled Key in alfio-event/alf.io | alfio-event | alfio-event/alf.io | 高危 | - | 2023-04-24 00:00:00 | Deep Dive |
| CVE-2023-0300 | Cross-site Scripting (XSS) - Reflected in alfio-event/alf.io | alfio-event | alfio-event/alf.io | 中危 | - | 2023-01-14 00:00:00 | Deep Dive |
| CVE-2023-0301 | Cross-site Scripting (XSS) - Stored in alfio-event/alf.io | alfio-event | alfio-event/alf.io | 中危 | - | 2023-01-14 00:00:00 | Deep Dive |