Lucene search
K

847 matches found

RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.13 views

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References6
Fedora
Fedora
added 2026/05/15 9:9 p.m.18 views

[SECURITY] Fedora 43 Update: nginx-1.30.1-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS6AI score0.61469EPSS
Exploits41
CVE
CVE
added 2026/05/15 7:59 p.m.32 views

CVE-2026-44551

Open WebUI vulnerability CVE-2026-44551: before version 0.9.0, the LDAP authentication endpoint does not validate non-empty passwords, allowing an unauthenticated Simple Bind on many LDAP servers. The LdapForm model accepts password: str without a minimum length, so an empty string can reach the ...

9.1CVSS5.8AI score0.01461EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/15 7:12 p.m.47 views

CVE-2026-45675

Open WebUI CVE-2026-45675 describes a TOCTOU race in first-user admin role assignment for LDAP and OAuth paths prior to version 0.9.0. The signup path was fixed to insert with a default role first and upgrade if only one user remains; LDAP and OAuth paths did not receive that fix. Attack scenario...

8.1CVSS5.3AI score0.00354EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 7:12 p.m.11 views

CVE-2026-45675 Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP and OAuth authentication flows use a TOCTOU Time-of-Check-Time-of-Use pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, lin...

8.1CVSS5.3AI score0.00354EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 授权问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the Open WebUI open source project. Versions of Open WebUI prior to 0.9.0 had an authorization vulnerability. This vulnerability stemmed from the LDAP authentication endpoint failing to verify that the submitt...

9.1CVSS5.8AI score0.01461EPSS
Exploits1References2
CVE
CVE
added 2026/05/14 9:13 p.m.25 views

CVE-2026-44671

Summary of CVE-2026-44671 (ZITADEL LDAP Filter Injection) : Zitadel’s LDAP IdP parsing fails to escape user-provided usernames in LDAP search filters, enabling unauthenticated users to perform blind LDAP Injection during login. The issue affects Zitadel deployments using LDAP IdP in the following...

7.5CVSS5.8AI score0.00479EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/14 8:28 p.m.11 views

Race Condition

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Race Condition through a race condition in the LDAP and OAuth authentication processes. An attacker can obtain administrative privileges by sending multiple concurrent authentication requests during the initi...

9.2CVSS5.8AI score0.00354EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:41 a.m.12 views

SUSE CVE-2026-27851

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No...

7.4CVSS5.8AI score0.00406EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability arises from the use ...

8.7CVSS5.8AI score0.003EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40640

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication,...

8.7CVSS5.8AI score0.003EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 10:16 p.m.17 views

CVE-2026-44305

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...

6.8CVSS0.00094EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:28 p.m.20 views

CVE-2026-44305

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...

6.8CVSS5.8AI score0.00094EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 9:28 p.m.21 views

CVE-2026-44305

CVE-2026-44305 affects Lemur when LDAP_USE_TLS is True. The LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level, causing any MITM between Lemur and the LDAP server to intercept credentials and potentially modify responses. This vulnerab...

6.8CVSS5.8AI score0.00094EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:27 p.m.8 views

CVE-2026-44304

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

8.1CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 9:27 p.m.21 views

CVE-2026-44304

Summary: Lemur’s LDAP authentication module (lemur/auth/ldap.py) constructs LDAP filters using unsanitized username input, enabling a post-authentication LDAP filter injection that can modify group membership queries and escalate privileges to administrator. This affects Lemur prior to version 1....

8.1CVSS5.8AI score0.00179EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 9:27 p.m.2 views

CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

8.1CVSS6AI score0.00179EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 6:17 p.m.13 views

CVE-2026-34339

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally...

5.5CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 4:59 p.m.14 views

CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

...

5.5CVSS5.8AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 p.m.12 views

EUVD-2026-29473

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References2
Rows per page
Query Builder