Alfio-event Alf.io
8 CVEs affecting Alfio-event Alf.io. Latest disclosed: 2026-06-02. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-25635 | High | 8.8 | 2024-02-19 | alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organiz… |
CVE-2026-35482 | High | 8.0 | 2026-06-02 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnera… |
CVE-2024-25628 | High | 7.6 | 2024-02-16 | Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalida… |
CVE-2024-45300 | High | 7.5 | 2024-09-06 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the u… |
CVE-2024-25634 | High | 7.2 | 2024-02-19 | alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a spe… |
CVE-2024-45299 | Medium | 6.5 | 2024-09-06 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded data as json is… |
CVE-2026-41412 | Medium | 4.9 | 2026-06-02 | alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension san… |
CVE-2024-25627 | Low | 3.5 | 2024-02-16 | Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaS… |