CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 5 hours ago•2 views

CVE-2026-49268

8.8CVSS

NCSC•added 10 hours ago•6 views

Vulnerabilities in Oracle Fusion Middleware products

Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...

10CVSS5.9AI score

Nuclei•added 14 hours ago•13 views

Open WebUI 'LDAP Empty Password' - Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

9.1CVSS5.3AI score0.01256EPSS

Exploits1References2

RedHat Linux•added 19 hours ago•3 views

Important: Red Hat Security Advisory: 389-ds:1.4 security update

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

7.5CVSS5.4AI score0.00452EPSS

SUSE CVE•added 5 days ago•8 views

SUSE CVE-2026-11788

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

7.5CVSS5.5AI score0.00406EPSS

RedhatCVE•added 6 days ago•8 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.5AI score0.00182EPSS

Packet Storm News•added 6 days ago•10 views

WatchGuard FireboxV LDAP Race Condition

WatchGuard FireboxV with firmware version 12.11.6 Build B728370 suffers from a race condition in rscryptosetupldapserver libpkicli.so that allows two concurrently-processed IKEv1 Aggressive Mode packets to trigger a double-free and use-after-Free on the global LDAP connection handle. The research...

5.5AI score

Exploits0

EUVD•added last week•9 views

EUVD-2026-36196

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13...

4.3CVSS5.4AI score0.01009EPSS

Exploits3References3

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48438

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get ldap email app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, ...

4.9CVSS5.5AI score0.00234EPSS

OSV•added 2026/06/09 12:52 p.m.•2 views

SUSE-SU-2026:2316-1 Security update for 389-ds

This update for 389-ds fixes the following issue - CVE-2026-9064: unbounded LDAP controls count in getldapmessagecontrolsext can lead to amplified CPU time and heap allocation and a denial of service bsc1265898. Changes for 389-ds: - Update to version 2.0.20git90.9f70d434e...

7.5CVSS5.4AI score0.00452EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•8 views

PT-2026-47648

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS5.4AI score0.00239EPSS

RedhatCVE•added 2026/06/05 7:25 p.m.•5 views

CVE-2026-44305

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...

6.8CVSS5.5AI score0.00094EPSS

CVE•added 2026/06/02 8:27 a.m.•11 views

CVE-2026-10549

CVE-2026-10549 describes an LDAP filter injection in Yandex Database leading to bypass of group membership checks and unauthorized access for an attacker with valid LDAP credentials. Affected product: Yandex Database before version 25.3.1.25. Root cause: LDAP filter injection in the authenticatio...

EUVD•added 2026/06/02 8:27 a.m.•8 views

EUVD-2026-33900

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

ATTACKERKB•added 2026/06/02 8:27 a.m.•7 views

CVE-2026-10549

Positive Technologies•added 2026/06/02 12:0 a.m.•10 views

PT-2026-45722

ATTACKERKB•added 2026/06/01 7:12 a.m.•7 views

CVE-2026-35563

8.8CVSS5.8AI score0.00182EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/29 7:59 a.m.•6 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.00194EPSS

EUVD•added 2026/05/29 7:59 a.m.•10 views

EUVD-2026-33260

4.1CVSS5.8AI score0.00194EPSS