328 matches found
EUVD-2025-24204
Malicious code in bioql PyPI...
EUVD-2024-54869
Malicious code in bioql PyPI...
CVE-2025-27231
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
Splunk Enterprise 9.2.0 < 9.2.8, 9.3.0 < 9.3.6, 9.4.0 < 9.4.4, 10.0.0 < 10.0.1 (SVD-2025-1005)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1005 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108,...
WordPress WPMU Ldap Authentication plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WPMU Ldap Authentication versions = 5.0.1...
CVE-2024-41980
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive...
GO-2025-3855 OpenBao Userpass and LDAP User Lockout Bypass in github.com/openbao/openbao
OpenBao Userpass and LDAP User Lockout Bypass in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
CVE-2025-55001
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...
Astra Linux – Vulnerability in dogtag-pki
A flaw was discovered in dogtag-pki and pki-core. The token authentication mechanism can be bypassed using LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session stored in the LDAP directory server, which may lead to an escalation o...
CVE-2024-51304
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldapsearchdn function...
CVE-2023-25495
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured...
CVE-2023-22964
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled...
The vulnerability of the data processing application Dell Unisphere for PowerMax arises from the lack of measures to neutralize special elements in the LDAP request, allowing an attacker to execute arbitrary code.
The vulnerability of the Dell Unisphere for PowerMax data processing application is related to the failure to take measures to neutralize special elements in the LDAP request. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Schweitzer Engineering Laboratories SEL Series 安全漏洞
Schweitzer Engineering Laboratories SEL Series is a series of software and firmware products from Schweitzer Engineering Laboratories, Inc. A security vulnerability exists in the Schweitzer Engineering Laboratories SEL Series that stems from the possibility of bypassing password guessing...
389-ds-base: null pointer dereference leads to denial of service
A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it...
Microsoft Lightweight Directory Access Protocol(LDAP) 资源管理错误漏洞
Microsoft Lightweight Directory Access Protocol LDAP is a directory services protocol from Microsoft Corporation USA that runs on a layer above the TCP/IP stack. A resource management error vulnerability exists in Microsoft Lightweight Directory Access Protocol LDAP. An attacker could exploit thi...
CVE-2025-26670
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network...
Microsoft Lightweight Directory Access Protocol(LDAP) 资源管理错误漏洞
Microsoft Lightweight Directory Access Protocol LDAP is a directory services protocol from Microsoft Corporation USA that runs on a layer above the TCP/IP stack. A resource management error vulnerability exists in Microsoft Lightweight Directory Access Protocol LDAP. An attacker exploiting this...
Microsoft Lightweight Directory Access Protocol(LDAP) 资源管理错误漏洞
Microsoft Lightweight Directory Access Protocol LDAP is a directory services protocol from Microsoft Corporation USA that runs on a layer above the TCP/IP stack. A resource management error vulnerability exists in Microsoft Lightweight Directory Access Protocol LDAP. An attacker could exploit thi...