9 matches found
CVE-2026-28443
OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...
CVE-2026-28443
OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...
CVE-2026-28443 OpenReplay: SQL injection in cards/search via unvalidated sort field parameter
OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...
CVE-2026-28443
OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...
CVE-2026-28443 OpenReplay: SQL injection in cards/search via unvalidated sort field parameter
OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...
EUVD-2026-9880
OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...
CVE-2026-28443
OpenReplay (self-hosted session replay) has a SQL injection in the POST /{projectId}/cards/search endpoint, specifically in the sort.field parameter, that affects versions prior to 1.20.0. The issue has been patched in version 1.20.0. Practical impact is high (as indicated by the CVSS data in the...
CVE-2026-28443 OpenReplay: SQL injection in cards/search via unvalidated sort field parameter
OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /projectId/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0...
PT-2026-23518
Name of the Vulnerable Software and Affected Versions OpenReplay versions prior to 1.20.0 Description OpenReplay is a self-hosted session replay suite. The /projectId/cards/search API endpoint is susceptible to SQL injection due to a flaw in the sort.field parameter. This allows for potential...