Lucene search
+L

852 matches found

Cvelist
Cvelist
added 2026/04/08 12:0 a.m.20 views

CVE-2026-30075

OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response For example 100 byte. The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes o...

0.00382EPSS
Exploits1References2
OSV
OSV
added 2026/04/03 3:35 a.m.2 views

CVE-2026-35538

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search...

3.1CVSS6AI score0.00283EPSS
Exploits0References9
OSV
OSV
added 2026/04/02 6:42 p.m.3 views

GO-2026-4876 Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor

Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor...

5.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 8:46 a.m.1 views

CVE-2026-29131 PGP Decryption Recipient LDAP Injection

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...

4.9CVSS5.9AI score0.00226EPSS
Exploits0References1
Fedora
Fedora
added 2026/03/31 12:27 a.m.8 views

[SECURITY] Fedora 44 Update: bind-dyndb-ldap-11.11-13.fc44

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

7.5CVSS7.3AI score0.01545EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/03/30 11:0 a.m.15 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8CVSS6.9AI score0.00793EPSS
Exploits0References5
OSV
OSV
added 2026/03/27 12:16 p.m.11 views

CLSA-2026-1774613805 python3: Fix of CVE-2025-15366

CVE-2025-15366: reject control characters in IMAP commands...

5.9CVSS5.8AI score0.0036EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:10 a.m.9 views

CVE-2026-27860

If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...

3.7CVSS6AI score0.00286EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.4 views

CVE-2026-33751

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 6:30 p.m.8 views

EUVD-2026-15958

n8n Vulnerable to LDAP Filter Injection in LDAP Node...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 6:30 p.m.9 views

GHSA-W83Q-MCMX-MH42 n8n Vulnerable to LDAP Filter Injection in LDAP Node

Impact A flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker cou...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.4 views

CVE-2026-33369

Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...

4.3CVSS5.8AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.4 views

CVE-2026-27894

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...

8.8CVSS6AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.3 views

CVE-2026-33289

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...

9.8CVSS5.8AI score0.00662EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.4 views

CVE-2026-33419

MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable...

9.1CVSS5.7AI score0.00394EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/25 9:9 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation in the account linking when LDAP authentication is enabled. An attacker can gain unauthorized access to another user's account, including administrative accounts, by setting their LDAP email attribute to match the...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/03/25 7:27 p.m.52 views

curl: Security Vulnerability Report: Protocol Injection via Programmatic Options

Summary Multiple text-based protocol handlers in libcurl including FTP, SMTP, POP3, and IMAP are vulnerable to protocol command injection. This occurs when an application sets credentials or other protocol-specific options programmatically e.g., via CURLOPTUSERNAME, CURLOPTPASSWORD, or...

6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/25 6:47 p.m.3 views

CVE-2026-33751 n8n Vulnerable to LDAP Filter Injection in LDAP Node

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 6:47 p.m.34 views

CVE-2026-33751 n8n Vulnerable to LDAP Filter Injection in LDAP Node

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...

6.3CVSS0.00245EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:27 a.m.7 views

SUSE CVE-2026-26828

A NULL pointer dereference in the daapreplyplaylists function src/httpddaap.c of owntone-server commit 3d1652d allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References3
Rows per page
Query Builder