Lucene search
K

1643 matches found

Nuclei
Nuclei
added 12 hours ago21 views

Open WebUI 'LDAP Empty Password' - Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

9.1CVSS7AI score0.01461EPSS
Exploits1References2
NVD
NVD
added yesterday4 views

CVE-2026-48338

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...

6.8CVSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-57748

Name of the Vulnerable Software and Affected Versions Membership For WooCommerce versions prior to 3.1.1 Description A Path Traversal issue exists in the Membership For WooCommerce plugin. This flaw allows an attacker to access files and directories outside of the intended restricted directory by...

8.6CVSS6.1AI score0.00382EPSS
Exploits0References3
Fedora
Fedora
added 4 days ago7 views

[SECURITY] Fedora 44 Update: sssd-2.13.1-2.fc44

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...

8.8CVSS6.1AI score0.00501EPSS
Exploits0
RedHat Linux
RedHat Linux
added 5 days ago2 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.5AI score0.00805EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2026/07/07 1:25 p.m.8 views

389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS6.1AI score0.00627EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 11:15 a.m.32 views

CVE-2026-13696 LDAP Injection in HAVELSAN's Liman MYS

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman MYS: before release.Master.1107...

8.8CVSS0.00355EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 9:12 a.m.12 views

CVE-2026-14474

SSSD (System Security Services Daemon) LDAP sudo provider is vulnerable when ldap_sudo_search_base is not configured; SSSD will search the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object, granting root-level ...

8.8CVSS5.9AI score0.00348EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:12 a.m.8 views

CVE-2026-1433

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 8:12 a.m.6 views

EUVD-2026-41848

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-49434 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.9AI score0.00659EPSS
Exploits0References3
NVD
NVD
added 2026/07/03 12:16 a.m.10 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...

9.2CVSS0.00646EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55327

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description A race condition leads to a use-after-free issue in LDAP...

9.2CVSS6.3AI score0.00646EPSS
Exploits0References13
NVD
NVD
added 2026/07/01 2:17 a.m.19 views

CVE-2026-57962

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

5.3CVSS0.00203EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 2:17 a.m.4 views

UBUNTU-CVE-2026-57962

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

5.3CVSS5.8AI score0.00203EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 12:58 a.m.7 views

EUVD-2026-40861

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

5.3CVSS5.8AI score0.00203EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.6 views

Mozilla Thunderbird < 152.0.1

The version of Thunderbird installed on the remote Windows host is prior to 152.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-63 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing...

6.5CVSS6.2AI score0.00203EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:16 a.m.7 views

CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS0.00659EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 9:55 a.m.2 views

CVE-2026-49434 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.9AI score0.00659EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 4:10 p.m.15 views

Security Bulletin: Multiple Vulnerabilities in bcprov package bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include bcprov library, which is susceptible to use of broken cryptographic algorithm, Improper neutralization, covert timing channel vulnerabilities CVE-2025-14813, CVE-2026-0636, CVE-2026-5598...

9.9CVSS6.7AI score0.00691EPSS
Exploits0Affected Software2
Rows per page
Query Builder