CVE-2026-45721
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute a...
PT-2026-28091
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.27; n8n versions prior to 2.13.3; n8n versions prior to 2.14.1. Description: n8n is a workflow automation platform. A flaw in the LDAP node's filter escape logic allows LDAP metacharacters to pass through unescaped when...
CVE-2026-33289
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...
Zimbra Collaboration Security Vulnerability
Zimbra Collaboration is an open-source enterprise-level email and collaboration platform developed by Zimbra Corporation. It supports email, calendar, document management, and team collaboration features. Versions 10.0 and 10.1 of Zimbra Collaboration contain security vulnerabilities. These...
WeKan Injection Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.19 contained an injection vulnerability. This vulnerability stemmed from the fact that the username provided during LDAP authentication was entered without proper escaping, and thus incorporated into the...
CVE-2025-67493
Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap...
CVE-2025-67493
CVE-2025-67493 affects Homarr before version 1.45.3. The issue arises from missing sanitization of inputs in LDAP search queries, enabling a malicious user with account access to escalate privileges and access groups of other users. Affected software is the Homarr dashboard; root cause is input h...
CVE-2025-67493 Homarr missing input sanitization and possible privilege escalation through LDAP search query injection
Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap...
Uncontrolled Search Path Element
Overview: Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unsafe executable resolution when exporting notebooks containing SVG output to PDF. During export, the svg2pdf.py preprocessor resolves the inkscape executable using shutil.which, which on Windows...
EUVD-1999-1346
Malware in sbrugna...
EUVD-2017-12148
Malware in sbrugna...
CVE-2024-51304
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ldapsearchdn function...
Adobe Creative Cloud < 4.0.0.185 Multiple Vulnerabilities (APSB17-13)
The version of Adobe Creative Cloud installed on the remote Windows host is prior to 4.0.0.185. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-13 advisory. - Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource...
CVE-2024-20430 Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this...
CVE-2024-20430
CVE-2024-20430 affects Cisco Meraki Systems Manager (SM) Agent for Windows. The issue stems from incorrect handling of directory search paths at runtime, enabling an authenticated, local attacker to read and place malicious configuration files and DLLs that are executed when SM launches at startu...
RHEL 5 : sqlite (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sqlite: stack buffer overflow in src/printf.c CVE-2015-3416 - chromium-browser: pointer disclosure in...
RHEL 6 : sqlite (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sqlite: Heap-buffer overflow in the getNodeSize function CVE-2017-10989 - osunix.c in SQLite before 3.13....
PT-2022-26436 · Hcl · Hcl Launch
Name of the Vulnerable Software and Affected Versions: HCL Launch (affected versions not specified). Description: The issue allows a user with administrative privileges, including "Manage Security" permissions, to recover a credential previously saved for performing authenticated LDAP searches...
CVE-2022-38654
HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record...