4 matches found
OpenReplay Security Vulnerabilities
OpenReplay is developer-friendly, self-hosted session replay. A security vulnerability exists in OpenReplay version 1.14.0 and prior releases that stems from a lack of validation of the Name field (Account Settings), which allows an attacker to send an email with HTML injection code to a victim...
PT-2023-8936 · TP-Link · TP-Link Omada ER605
Name of the Vulnerable Software and Affected Versions: TP-Link Omada ER605 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this issue. The...
OLX: Manipulating joinolx.com Job Vacancy alert subscription emails (HTML Injection / Script Injection)
Hello, another report here. Description: I found that www.joinolx.com has an option to do subscription for vacancy alert. So I took a look at that. I was able to include my HTML codes to manipulate emails sent to my address. The Name field in the subscription form doesn't validate the name to stri...
cert name check ignore OpenSSL
libcurl is vulnerable to skipping the check of the certificate CN or SAN name field when digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate: CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST. T...