Lucene search
+L

328 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-24204

Malicious code in bioql PyPI...

3.5CVSS6.5AI score0.0043EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-54869

Malicious code in bioql PyPI...

3.1CVSS6.5AI score0.00122EPSS
Exploits0References1
nvd
nvd
added 2025/10/03 12:15 p.m.15 views

CVE-2025-27231

The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...

4.9CVSS0.00387EPSS
Exploits0References1
redhat
redhat
added 2025/10/02 5:38 p.m.3 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8CVSS5.9AI score0.00793EPSS
Exploits0References5
nessus
nessus
added 2025/10/01 12:0 a.m.3 views

Splunk Enterprise 9.2.0 < 9.2.8, 9.3.0 < 9.3.6, 9.4.0 < 9.4.4, 10.0.0 < 10.0.1 (SVD-2025-1005)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1005 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108,...

4.9CVSS5.6AI score0.00525EPSS
Exploits0References2
patchstack
patchstack
added 2025/08/21 1:12 p.m.4 views

WordPress WPMU Ldap Authentication plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WPMU Ldap Authentication versions = 5.0.1...

7.1CVSS6AI score0.00124EPSS
Exploits0Affected Software1
cvelist
cvelist
added 2025/08/12 11:16 a.m.11 views

CVE-2024-41980

A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive...

3.1CVSS0.00122EPSS
Exploits0References1
osv
osv
added 2025/08/11 5:59 p.m.6 views

GO-2025-3855 OpenBao Userpass and LDAP User Lockout Bypass in github.com/openbao/openbao

OpenBao Userpass and LDAP User Lockout Bypass in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

5.3CVSS7AI score0.00394EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/08/11 2:30 a.m.7 views

CVE-2025-55001

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

6.5CVSS6.6AI score0.00221EPSS
Exploits0References1
astralinux
astralinux
added 2025/06/16 11:28 a.m.1 views

Astra Linux – Vulnerability in dogtag-pki

A flaw was discovered in dogtag-pki and pki-core. The token authentication mechanism can be bypassed using LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session stored in the LDAP directory server, which may lead to an escalation o...

7.5CVSS7.1AI score0.00659EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 6:19 a.m.7 views

CVE-2024-51304

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldapsearchdn function...

8.8CVSS6.1AI score0.00597EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 5:26 a.m.4 views

CVE-2023-25495

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured...

4.9CVSS6.8AI score0.00567EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:16 a.m.9 views

CVE-2023-22964

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled...

9.1CVSS7.2AI score0.02448EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2025/05/23 12:0 a.m.10 views

The vulnerability of the data processing application Dell Unisphere for PowerMax arises from the lack of measures to neutralize special elements in the LDAP request, allowing an attacker to execute arbitrary code.

The vulnerability of the Dell Unisphere for PowerMax data processing application is related to the failure to take measures to neutralize special elements in the LDAP request. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

4CVSS5.9AI score0.00273EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2025/05/20 12:0 a.m.8 views

Schweitzer Engineering Laboratories SEL Series 安全漏洞

Schweitzer Engineering Laboratories SEL Series is a series of software and firmware products from Schweitzer Engineering Laboratories, Inc. A security vulnerability exists in the Schweitzer Engineering Laboratories SEL Series that stems from the possibility of bypassing password guessing...

7.5CVSS6.9AI score0.00365EPSS
Exploits0References1
redhat
redhat
added 2025/05/13 1:31 p.m.5 views

389-ds-base: null pointer dereference leads to denial of service

A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it...

4.9CVSS5.7AI score0.00553EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/05/13 12:0 a.m.3 views

Microsoft Lightweight Directory Access Protocol(LDAP) 资源管理错误漏洞

Microsoft Lightweight Directory Access Protocol LDAP is a directory services protocol from Microsoft Corporation USA that runs on a layer above the TCP/IP stack. A resource management error vulnerability exists in Microsoft Lightweight Directory Access Protocol LDAP. An attacker could exploit thi...

5.9CVSS8AI score0.01117EPSS
Exploits0References1
osv
osv
added 2025/04/08 6:15 p.m.1 views

CVE-2025-26670

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network...

8.1CVSS5.9AI score0.10428EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/04/08 12:0 a.m.4 views

Microsoft Lightweight Directory Access Protocol(LDAP) 资源管理错误漏洞

Microsoft Lightweight Directory Access Protocol LDAP is a directory services protocol from Microsoft Corporation USA that runs on a layer above the TCP/IP stack. A resource management error vulnerability exists in Microsoft Lightweight Directory Access Protocol LDAP. An attacker exploiting this...

8.1CVSS8.3AI score0.01878EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/04/08 12:0 a.m.4 views

Microsoft Lightweight Directory Access Protocol(LDAP) 资源管理错误漏洞

Microsoft Lightweight Directory Access Protocol LDAP is a directory services protocol from Microsoft Corporation USA that runs on a layer above the TCP/IP stack. A resource management error vulnerability exists in Microsoft Lightweight Directory Access Protocol LDAP. An attacker could exploit thi...

7.5CVSS8.1AI score0.02371EPSS
Exploits0References2
Rows per page
Query Builder