Lucene search
K

107 matches found

OSV
OSV
added 2026/04/17 6:31 p.m.11 views

GHSA-C3FC-8QFF-9HWX Bouncy Castle has an LDAP injection

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.84...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/17 1:18 p.m.32 views

CVE-2026-40459 LDAP Injection in PAC4J

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10...

8.7CVSS0.00608EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 1:18 p.m.5 views

CVE-2026-40459 LDAP Injection in PAC4J

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10...

8.7CVSS5.9AI score0.00608EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

pac4j 安全漏洞

pac4j is a simple yet powerful Java security engine developed by pac4j OpenSource. It is used to authenticate users, retrieve their configuration files, and manage authorization, thereby protecting web applications and web services. There were security vulnerabilities in versions of pac4j before...

8.8CVSS5.9AI score0.00608EPSS
Exploits0References1
NVD
NVD
added 2026/04/16 12:16 a.m.9 views

CVE-2026-40193

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

8.2CVSS0.00419EPSS
Exploits1References3
OSV
OSV
added 2026/04/15 10:16 a.m.4 views

DEBIAN-CVE-2026-0636

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/15 10:16 a.m.6 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.8 views

LDAP Injection

Overview org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP searc...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.14 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 8:47 a.m.10 views

CVE-2026-29138

SEPPmail Secure Email Gateway is affected by CVE-2026-29138 in versions prior to 15.0.3. The issue allows an attacker who sends a specially crafted email address to claim another user’s PGP signature as their own. Affected product/component: SEPPmail Secure Email Gateway; vulnerability type: misu...

7.5CVSS5.9AI score0.00217EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/02 8:46 a.m.27 views

CVE-2026-29131 PGP Decryption Recipient LDAP Injection

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...

4.9CVSS0.00226EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.7 views

SUSE CVE-2026-27860

If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...

3.7CVSS6AI score0.00286EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/26 6:30 p.m.3 views

LDAP Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to LDAP Injection via the LDAP node's filter escape. An attacker can retrieve unauthorized LDAP records or bypass authentication checks by injecting specially crafted input into LDAP search parameters...

6.3CVSS5.9AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-31999

OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper shell execution...

7.8CVSS6AI score0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 12:30 a.m.11 views

EUVD-2026-14597

OpenClaw versions 2026.2.26 before 2026.3.1 contain a current working directory injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows shell execution fallback. Attackers can manipulate the current working directory to alter wrapper resolution behavior and achieve...

5.8CVSS6AI score
Exploits0References3
NVD
NVD
added 2026/03/23 10:16 p.m.5 views

CVE-2026-32912

Rejected reason: This CVE ID has been rejected...

Exploits0
Cvelist
Cvelist
added 2026/03/23 9:36 p.m.21 views

CVE-2026-32912

...

Exploits0
CVE
CVE
added 2026/03/23 9:36 p.m.11 views

CVE-2026-32912

OpenClaw 2016.2.26 exposes a local a vulnerability in Windows wrapper resolution for .cmd/.bat files, where current working directory manipulation can change wrapper resolution and lead to command execution integrity loss. Affected: OpenClaw versions prior to 2026.3.1. Root cause: current working...

6AI score
Exploits0
EUVD
EUVD
added 2026/03/20 3:31 p.m.6 views

EUVD-2026-13692

Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...

5.8AI score0.00227EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

Zimbra Collaboration 安全漏洞

Zimbra Collaboration is an open-source enterprise-level email and collaboration platform developed by Zimbra Corporation. It supports email, calendar, document management, and team collaboration features. Versions 10.0 and 10.1 of Zimbra Collaboration contain security vulnerabilities. These...

4.3CVSS5.8AI score0.00227EPSS
Exploits0References4
Rows per page
Query Builder