A placeholder
This blog features a collection of original security research, including CVE disclosures, CTF writeups, and technical blog posts on cyber security written by Ravindu Wickramasinghe. Everything published here is based on hands-on work and personal study, intended to document methods, share insights, and contribute to the broader security community. — rvz
Disclaimer, All blog posts and poc exploits listed in here and under github profile are for educational and authorized testing only. The author is not responsible for any misuse or illegal activity. Use at your own risk.

CVE-2024-42640 : Unauthenticated Remote Code Execution via Angular-Base64-Upload Library

The angular-base64-upload library, created by Adones Pitogo, is a tool designed to simplify the process of uploading base64-encoded files in Angular applications.

CVE-2024-57514 – XSS in TP-Link A20 v3 Router

The TP-Link Archer A20 v3 Router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface.

CVE-2025-51569 – XSS in LB-Link BL-CPE300M AX300 4G LTE Router

The LB-Link BL-CPE300M router web interface is vulnerable to reflected cross-site scripting (XSS) vulnerability.

CVE-2025-57278 – Improper IP Bound Session Authentication in LB-Link BL-CPE300M AX300 4G LTE Router

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling
All Rights Reserved - Copyright © 2025 - Zyenra Security
I