Lucene search
+L

852 matches found

CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow FAB Auth Manager,...

5.3CVSS5.8AI score0.00574EPSS
Exploits0References4
Hacker One
Hacker One
added 2026/05/23 12:20 p.m.37 views

curl: lib/ldap.c follows attacker-controlled LDAP referrals and binds to a second server; WinLDAP builds leak current logon credentials (confirmed on Window

Summary: curl's generic LDAP backend lib/ldap.c does not disable automatic LDAP referral chasing, unlike lib/openldap.c, which explicitly sets LDAPOPTREFERRALS to LDAPOPTOFF. As a result, a malicious first-hop LDAP server can return a referral to an attacker-controlled second LDAP server and caus...

5.7AI score
Exploits0
NVD
NVD
added 2026/05/22 10:16 p.m.16 views

CVE-2026-41076

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...

8.1CVSS0.00392EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 9:36 p.m.13 views

EUVD-2026-31504

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...

8.1CVSS5.7AI score0.00392EPSS
Exploits0References3
OSV
OSV
added 2026/05/22 9:36 p.m.2 views

CVE-2026-41076 RT: LDAP authentication bypass via empty password

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker m...

8.1CVSS5.8AI score0.00392EPSS
Exploits0References5
CVE
CVE
added 2026/05/22 12:16 p.m.52 views

CVE-2026-44930

Technical details are not publicly available in the provided documents. Monitor for updates.

9.8CVSS5.9AI score0.00722EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: logback (UTSA-2026-016687)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016687 advisory. In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to...

8.5CVSS6.2AI score0.04439EPSS
Exploits1References4
NVD
NVD
added 2026/05/21 8:16 a.m.18 views

CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:34 a.m.7 views

CVE-2026-44063

An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:34 a.m.15 views

CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.43 views

CVE-2026-44052 LDAP simple-bind password exposure in log output

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Netatalk 日志信息泄露漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.1.0 to 4.4.2 of Netatalk contained a vulnerability related to log information leakage. This vulnerability stemmed from...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42409

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.1.0 through 4.4.2 Description Netatalk inserts LDAP simple-bind passwords into log output in cleartext. This allows an attacker with access to the log files to obtain LDAP credentials. Recommendations Update to version 4.4....

7.5CVSS5.8AI score0.0036EPSS
Exploits0References20
Cvelist
Cvelist
added 2026/05/20 9:0 a.m.62 views

CVE-2026-9064 389-ds-base: 389-ds-base: unbounded ldap controls count in get_ldapmessage_controls_ext() causes cpu and heap amplification (remote dos)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS0.00815EPSS
Exploits0References19
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Zabbix

The request to LDAP is sent before checking the user permissions...

9.1CVSS8.2AI score0.00561EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Bouncycastle

The Bouncy Castle For Java version prior to 1.74 is affected by an LDAP injection vulnerability. This vulnerability only affects applications that use the LDAP CertStore provided by Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the...

5.3CVSS6.8AI score0.00772EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Samba

A vulnerability related to information leaks was discovered in Samba’s LDAP server. Due to missing access control checks, a authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...

4.3CVSS6.2AI score0.01168EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in curl

There is an improper authentication vulnerability in curl versions 7.33.0 through and including 7.82.0. This vulnerability may allow for the reuse of OAUTH2-authenticated connections without ensuring that the connection was authentically verified with the same credentials used for this transfer...

8.1CVSS6.5AI score0.01914EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Derby

A cleverly designed username can bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could allow an attacker to create unnecessary Derby databases, thereby filling up storage space. In LDAP-authenticated Derby installations, the attacker could also execute malware...

9.8CVSS7.2AI score0.01418EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:36 a.m.10 views

CVE-2026-41919

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00454EPSS
Exploits0References2
Rows per page
Query Builder