852 matches found
CVE-2026-30075
OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response For example 100 byte. The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes o...
CVE-2026-35538
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search...
GO-2026-4876 Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor
Harbor: LDAP password and OIDC secret are not redacted in the audit log in github.com/goharbor/harbor...
CVE-2026-29131 PGP Decryption Recipient LDAP Injection
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...
[SECURITY] Fedora 44 Update: bind-dyndb-ldap-11.11-13.fc44
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
CLSA-2026-1774613805 python3: Fix of CVE-2025-15366
CVE-2025-15366: reject control characters in IMAP commands...
CVE-2026-27860
If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...
CVE-2026-33751
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...
EUVD-2026-15958
n8n Vulnerable to LDAP Filter Injection in LDAP Node...
GHSA-W83Q-MCMX-MH42 n8n Vulnerable to LDAP Filter Injection in LDAP Node
Impact A flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker cou...
CVE-2026-33369
Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...
CVE-2026-27894
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...
CVE-2026-33289
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...
CVE-2026-33419
MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation in the account linking when LDAP authentication is enabled. An attacker can gain unauthorized access to another user's account, including administrative accounts, by setting their LDAP email attribute to match the...
curl: Security Vulnerability Report: Protocol Injection via Programmatic Options
Summary Multiple text-based protocol handlers in libcurl including FTP, SMTP, POP3, and IMAP are vulnerable to protocol command injection. This occurs when an application sets credentials or other protocol-specific options programmatically e.g., via CURLOPTUSERNAME, CURLOPTPASSWORD, or...
CVE-2026-33751 n8n Vulnerable to LDAP Filter Injection in LDAP Node
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...
CVE-2026-33751 n8n Vulnerable to LDAP Filter Injection in LDAP Node
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...
SUSE CVE-2026-26828
A NULL pointer dereference in the daapreplyplaylists function src/httpddaap.c of owntone-server commit 3d1652d allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...