Auditing OpenReception: 16 CVEs in an E2E encrypted booking platform
A white-box audit of the end-to-end encrypted booking platform OpenReception found 16 vulnerabilities, four of them critical.
Security research and bug bounty, done the boring way: reported to the vendor, fixed, then written up here.
How missing authorization checks in Zammad's REST API let agents execute group-restricted AI text tools and inject unauthorized ticket context into AI prompts.
How I bypassed Wazuh's UNC path mitigation in Windows OSQuery using extended-length UNC paths (\\?\UNC\), leaking NetNTLMv2 hashes despite the original CVE-2025-30201 fix.
SSRF via HTTP redirect in repository migration allows authenticated users to bypass internal address restrictions and reach localhost or private-network services
Heap over-read in UPnP event callback URL host parsing (upnpevents.c)
PGP email verification handler discards GPG return values, falsely marking all inbound signed emails as valid signatures
Unauthenticated request to OTRS import controller endpoint blocks request workers for ~115 seconds, enabling denial of service
Knowledge base permission checks allow users with limited read permissions to access items outside their assigned scope