Lucene search
+L

852 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 4:59 p.m.14 views

CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

...

5.5CVSS5.8AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 p.m.12 views

EUVD-2026-29473

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/12 2:0 p.m.18 views

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally...

5.5CVSS5.8AI score0.00292EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.17 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

7.5CVSS5.7AI score0.00667EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability arises from the use of a security filter for variable expansion, where all subsequent pipes on the same strin...

9.1CVSS5.9AI score0.00406EPSS
Exploits0References1
Kaspersky
Kaspersky
added 2026/05/12 12:0 a.m.20 views

KLA91040 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of...

9.8CVSS7.6AI score0.01932EPSS
Exploits4References89
Snyk
Snyk
added 2026/05/11 6:14 p.m.8 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the LDAP connectivity configuration component. An attacker can cause the server to initiate unintended outbound connections by supplying a malicious LDAP server during configuration or testing. This ...

5.1CVSS5.5AI score0.00257EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 5:11 p.m.20 views

CVE-2026-3048

Nexus Repository Manager (Sonatype) 3.x is affected: versions 3.0.0–3.91.1, when an authenticated administrator configures or tests LDAP connectivity, may initiate unintended server-side connections with a malicious LDAP server due to improper LDAP referral handling. No exploitation details or mi...

5.1CVSS5.8AI score0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 5:11 p.m.8 views

CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...

5.1CVSS5.8AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Sonatype Nexus Repository Manager 代码问题漏洞

Sonatype Nexus Repository Manager NXRM is a repository manager developed by Sonatype, Inc., in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository Manager from 3.0.0 to 3.91.1 contained code vulnerabilities. These...

5.1CVSS5.9AI score0.00257EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 8:16 p.m.4 views

DEBIAN-CVE-2026-42258

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...

5.3CVSS5.7AI score0.00813EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/09 7:37 p.m.10 views

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

7.5CVSS5.7AI score0.0041EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/08 7:38 p.m.14 views

Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

9.1CVSS6AI score0.01461EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/05 3:47 a.m.16 views

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/04/30 7:12 a.m.85 views

Agent389

Agent389 Agent389 is a professional, high-fidelity LDAP inje...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 p.m.6 views

CVE-2026-40606

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

4.8CVSS5.7AI score0.00166EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/22 3:31 p.m.6 views

EUVD-2026-24947

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees...

5.3CVSS5.8AI score0.00242EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/04/22 2:0 p.m.9 views

CVE-2026-33609

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees...

6.5CVSS5.8AI score0.00242EPSS
Exploits0
OSV
OSV
added 2026/04/21 6:16 p.m.10 views

PYSEC-2026-92

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

4.8CVSS5.8AI score0.00166EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/21 5:43 p.m.7 views

CVE-2026-40606 ProxyAuth Addon LDAP Injection in mitmproxy

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP...

4.8CVSS5.7AI score0.00166EPSS
Exploits1References1
Rows per page
Query Builder