22 matches found
April Microsoft Patch Tuesday
April Microsoft Patch Tuesday. A total of 167 vulnerabilities, about twice as many as in March. There is one vulnerability already being exploited in the wild: 🔻 Spoofing - Microsoft SharePoint Server CVE-2026-32201. ZDI experts say "Spoofing bugs in SharePoint often manifest as cross-site...
EUVD-2007-6678
Malware in sbrugna...
EUVD-2017-15248
Malware in sbrugna...
EUVD-2000-0310
Malware in sbrugna...
EUVD-2014-8595
Malware in sbrugna...
EUVD-2014-8594
Malware in sbrugna...
EUVD-2022-28091
Malicious code in bioql PyPI...
(Pwn2Own) QNAP TS-464 Active Directory Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Active Directory integration. The issue results from the improper...
CVE-2022-3614
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation...
Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege
Exploit Title: ManageEngine ADManager Plus Build 7210 Elevation of Privilege Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...
PT-2025-6171 · Unknown · Octopus Deploy
Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: In affected versions of Octopus Deploy where customers are using Active Directory for authentication, it was possible for an unauthenticated user to make an API request against two...
CVE-2025-0604
A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD...
CVE-2025-21293 Active Directory Domain Services Elevation of Privilege Vulnerability
...
The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus, related to access control deficiencies, allows a perpetrator to view data recorded by other users’ sessions.
The vulnerability of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to view data recorded by other users’ sessions...
Privilege escalation
Active Directory Domain Services Elevation of Privilege Vulnerability...
SUSE-SU-2021:3746-1 Security update for samba
This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284)...
Microsoft Windows Active Directory Permissions and Access Control Vulnerability
Microsoft Windows Active Directory is a centralized directory management service from the U.S. company Microsoft, used to build medium- to large-scale network environments. It stores information about objects on the network and makes it easy for administrators and users to find and use...
CVE-2005-0545
Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been dispute...
CORE-2003-0305-03: Active Directory Stack Overflow
Core Security Technologies Advisory http://www.coresecurity.com Active Directory Stack Overflow Date Published: 2003-07-02 Last Update: 2003-07-02 Advisory ID: CORE-2003-0305-03 Bugtraq ID: 7930 CVE Name: None currently assigned. Title: Active Directory Stack Overflow Class: Boundary Error...
Microsoft Windows Server 2000 - Active Directory Remote Stack Overflow
source: https://www.securityfocus.com/bid/7930/info A vulnerability has been discovered in Microsoft Windows 2000. The problem occurs in the Active Directory component and will result in a denial of service. An unauthenticated attacker could exploit this vulnerability by transmitting a malformed...