All 8 CVE vulnerabilities found in alf.io, with AI-generated Chinese analysis, references, and POCs.
Vendor: alfio-event

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-41412 | alf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension Script | CWE-22 | 4.9 | Medium | 2026-06-02 |
| CVE-2026-35482 | alf.io has an Authenticated RCE via Extension Script Sandbox Escape | CWE-863 | 8.0 | High | 2026-06-02 |
| CVE-2024-45300 | Bypassing promo code limitations with race conditions | CWE-362 | 7.5 | High | 2024-09-06 |
| CVE-2024-45299 | alf.io's preloaded data as json is not escaped correctly | CWE-116 | 6.5 | Medium | 2024-09-06 |
| CVE-2024-25634 | IDOR make user can read e-mail log sent by other events | CWE-497 | 7.2 | High | 2024-02-19 |
| CVE-2024-25635 | IDOR Vulnerability: Allowing Organization Owner to view the other Organizations API KEY and USERS | CWE-612 | 8.8 | High | 2024-02-19 |
| CVE-2024-25627 | Cross-Site Scripting (XSS) via File Upload in Alf.io | CWE-79 | 3.5 | Low | 2024-02-16 |
| CVE-2024-25628 | Insufficient Session Expiration in alf.io | CWE-613 | 7.6 | High | 2024-02-16 |