LDAP Injection
Overview Affected versions of this package are vulnerable to LDAP Injection in the LdapProfileService class, which accepts ID-based search parameters in multiple methods. A privileged attacker can execute unauthorized LDAP queries and perform arbitrary directory operations. Remediation Upgrade...
SUSE CVE-2026-0636
Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...
EUVD-2026-16573
If auth_username_chars is empty, it is possible to inject an arbitrary LDAP filter into Dovecot's LDAP authentication. This potentially allows bypassing restrictions and probing the LDAP structure. Do not clear out auth_username_chars, or install a fixed version. No publicly available exploits are...
CVE-2026-33369
Zimbra Collaboration (ZCS) versions 10.0 and 10.1 are affected by an LDAP injection in the Mailbox SOAP service during a FolderAction operation. The vulnerability arises because user input is not properly sanitized before being incorporated into an LDAP search filter, enabling an authenticated at...
CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
Astra Linux - vulnerability in dogtag-pki
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...
Red Hat Keycloak input validation error vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. An input validation error vulnerability exists in Red Hat Keycloak that originates from a vulnerability that allows an attacker to perform othe...
ca: token authentication bypass vulnerability
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...
keycloak: LDAP injection on username input
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions...
PT-2023-22009 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 2.5.0 through 3.5.7 are affected (3.5.8 is not affected, but versions prior to 3.5.8 are); in the 4.0.x series, 4.0.3 and earlier (prior to 4.0.4) are affected, and in the 4.1.x series, 4.1.1 and earlier (prior to 4.1.2) are affected. Mastodon versions 2.5.0 through 4.1.1...
Mastodon injection vulnerability
Mastodon is an open source social network server based on ActivityPub. An injection vulnerability exists in Mastodon version 2.5.0 and later versions, which stems from an insecure LDAP query at login. An attacker can exploit this vulnerability to disclose arbitrary attributes of the LDAP database...
CVE-2014-2051
ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."...