CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2 days ago•5 views

EUVD-2026-33900

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

CVE•added 2 days ago•7 views

CVE-2026-10549

CVE-2026-10549 describes an LDAP filter injection in Yandex Database leading to bypass of group membership checks and unauthorized access for an attacker with valid LDAP credentials. Affected product: Yandex Database before version 25.3.1.25. Root cause: LDAP filter injection in the authenticatio...

ATTACKERKB•added 2 days ago•3 views

CVE-2026-10549

Positive Technologies•added 2 days ago•7 views

PT-2026-45722

ATTACKERKB•added 3 days ago•6 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.8AI score0.00038EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 6 days ago•4 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.00023EPSS

Exploits0References3

EUVD•added 6 days ago•7 views

EUVD-2026-33260

4.1CVSS5.8AI score0.00023EPSS

CNNVD•added 6 days ago•4 views

Red Hat Quay 代码问题漏洞

Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has code-related vulnerabilities; these vulnerabilities stem from the LDAP and SMTP authentication functions of the config-tool, which do not filter IP or host addresses. This may allow...

4.1CVSS5.8AI score0.00023EPSS

Debian CVE•added last week•5 views

CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00148EPSS

Exploits0

Vulnrichment•added 2026/05/28 4:42 a.m.•6 views

CVE-2026-9801 Keycloak: keycloak: denial of service via malformed ldap password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS5.8AI score0.00303EPSS

ATTACKERKB•added 2026/05/27 9:54 p.m.•6 views

CVE-2026-46402

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...

8.1CVSS5.8AI score0.00063EPSS

NVD•added 2026/05/27 3:16 p.m.•11 views

CVE-2026-48916

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals...

6.6CVSS0.00255EPSS

RedhatCVE•added 2026/05/27 2:12 a.m.•11 views

CVE-2026-46745

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

5.3CVSS5.8AI score0.00169EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-44011

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...

5.8AI score0.00255EPSS

OSV•added 2026/05/26 12:59 a.m.•6 views

MAL-2026-4723 Malicious code in weavedb-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c25ff456baf684075b65ecf808bbfe36cbf91811fb4b04b70c13a3dd9d8a9403 package.json declares "preinstall": "./tools/setup", where tools/setup is a 976KB stripped Linux x86-64 ELF binary sha256...

5.8AI score

OSV•added 2026/05/25 8:16 p.m.•2 views

UBUNTU-CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

7.5CVSS5.8AI score0.00051EPSS

Exploits0References7

Snyk•added 2026/05/25 12:58 p.m.•3 views

LDAP Injection

Overview apache-airflow-providers-fab is a Provider package apache-airflow-providers-fab for Apache Airflow Affected versions of this package are vulnerable to LDAP Injection through the ldapbindindirect and nested group search code in override.py. An attacker can manipulate the LDAP username or...

9.1CVSS5.9AI score0.00169EPSS