Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28443

OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...

9.8CVSS5.8AI score0.00341EPSS
Exploits1References1
NVD
NVD
added 2026/03/05 9:16 p.m.11 views

CVE-2026-28443

OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...

9.8CVSS0.00341EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/05 8:53 p.m.2 views

CVE-2026-28443 OpenReplay: SQL injection in cards/search via unvalidated sort field parameter

OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...

6.9CVSS5.8AI score0.00341EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 8:53 p.m.3 views

CVE-2026-28443

OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...

6.9CVSS5.9AI score0.00341EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/05 8:53 p.m.38 views

CVE-2026-28443 OpenReplay: SQL injection in cards/search via unvalidated sort field parameter

OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...

6.9CVSS0.00341EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/05 8:53 p.m.9 views

EUVD-2026-9880

OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...

6.9CVSS5.9AI score0.00341EPSS
Exploits1References1
CVE
CVE
added 2026/03/05 8:53 p.m.20 views

CVE-2026-28443

OpenReplay (self-hosted session replay) has a SQL injection in the POST /{projectId}/cards/search endpoint, specifically in the sort.field parameter, that affects versions prior to 1.20.0. The issue has been patched in version 1.20.0. Practical impact is high (as indicated by the CVSS data in the...

9.8CVSS5.9AI score0.00341EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/05 8:53 p.m.4 views

CVE-2026-28443 OpenReplay: SQL injection in cards/search via unvalidated sort field parameter

OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...

6.9CVSS5.8AI score0.00341EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.11 views

PT-2026-23518

Name of the Vulnerable Software and Affected Versions OpenReplay versions prior to 1.20.0 Description OpenReplay is a self-hosted session replay suite. The /projectId/cards/search API endpoint is susceptible to SQL injection due to a flaw in the sort.field parameter. This allows for potential...

9.8CVSS5.8AI score0.00341EPSS
Exploits1References7
Rows per page
Query Builder