110 matches found
CVE-2026-14474
A flaw was found in SSSD's LDAP sudo provider. When the ldapsudosearchbase option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo...
CVE-2026-11748
A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...
CVE-2026-45721
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute a...
PT-2026-28091
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.27 n8n versions prior to 2.13.3 n8n versions prior to 2.14.1 Description n8n is a workflow automation platform. A flaw in the LDAP node's filter escape logic allows LDAP metacharacters to pass through unescaped when...
CVE-2026-33289
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...
Zimbra Collaboration 安全漏洞
Zimbra Collaboration is an open-source enterprise-level email and collaboration platform developed by Zimbra Corporation. It supports email, calendar, document management, and team collaboration features. Versions 10.0 and 10.1 of Zimbra Collaboration contain security vulnerabilities. These...
WeKan 注入漏洞
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.19 contained a injection vulnerability. This vulnerability stemmed from the fact that the username provided during LDAP authentication was entered without proper escaping, and thus incorporated into the...
CVE-2025-67493
Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap...
CVE-2025-67493
CVE-2025-67493 affects Homarr before version 1.45.3. The issue arises from missing sanitization of inputs in LDAP search queries, enabling a malicious user with account access to escalate privileges and access groups of other users. Affected software is the Homarr dashboard; root cause is input h...
CVE-2025-67493 Homarr: missing input sanitization and possible privilege escalation through ldap search query injection
Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap...
Uncontrolled Search Path Element
Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unsafe executable resolution when exporting notebooks containing SVG output to PDF. During export, the svg2pdf.py preprocessor resolves the inkscape executable using shutil.which, which on Windows...
EUVD-2017-12148
Malware in sbrugna...
EUVD-1999-1346
Malware in sbrugna...
CVE-2024-51304
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldapsearchdn function...
Adobe Creative Cloud < 4.0.0.185 Multiple Vulnerabilities (APSB17-13)
The version of Adobe Creative Cloud installed on the remote Windows host is prior to 4.0.0.185. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-13 advisory. - Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource...
CVE-2024-20430 Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability
A vulnerability in Cisco Meraki Systems Manager SM Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this...
CVE-2024-20430
CVE-2024-20430 affects Cisco Meraki Systems Manager (SM) Agent for Windows. The issue stems from incorrect handling of directory search paths at runtime, enabling an authenticated, local attacker to read and place malicious configuration files and DLLs that are executed when SM launches at startu...
RHEL 5 : sqlite (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sqlite: stack buffer overflow in src/printf.c CVE-2015-3416 - chromium-browser: pointer disclosure in...
RHEL 6 : sqlite (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sqlite: Heap-buffer overflow in the getNodeSize function CVE-2017-10989 - osunix.c in SQLite before 3.13....
PT-2022-26436 · Hcl · Hcl Launch
Name of the Vulnerable Software and Affected Versions: HCL Launch affected versions not specified Description: The issue allows a user with administrative privileges, including "Manage Security" permissions, to recover a credential previously saved for performing authenticated LDAP searches...