254 matches found
CVE-2026-9064
A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
CVE-2026-45009
CVE-2026-45009 affects phpMyFAQ prior to 4.1.2. The issue is an insufficient authorization check in admin-api routes, allowing authenticated ordinary users to access administrative endpoints without verifying backend privileges. This can expose sensitive backend information such as dashboard vers...
Astra Linux - vulnerability in 389-ds-base
An access control bypass vulnerability was discovered in 389-ds-base. This issue arises from improper handling of filters, which can lead to incorrect results. However, further analysis revealed that it actually constitutes an access control bypass. This vulnerability could allow any remot...
Dovecot 3.1.0 Authentication Bypass / User Enumeration
This Metasploit auxiliary module targets an LDAP injection vulnerability in Dovecot mail servers that can lead to authentication bypass or user enumeration via IMAP/POP3. Version 3.1.0 is affected...
Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction
Impact: The LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input (authData.id) is interpolated directly into LDAP Distinguished Names (DN) and group search filters without escaping special characters. This allows an attacker with valid LDAP credentials to manipulate the bin...
SUSE CVE-2025-14905
A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schema_attr_enum_callback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...
CVE-2026-1658
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...
CVE-2026-1658 Content spoofing vulnerability discovered in OpenText™ Directory Services
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...
CVE-2026-1658
OpenText Directory Services (20.4.1–25.2) contains CVE-2026-1658: a UI misrepresentation of critical information can enable cache poisoning, potentially misleading users. Affected components within OpenText Directory Services could present manipulated text, with impact described as low integr...
CVE-2025-15579
Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2...
PT-2026-20948
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...
OpenText Directory Services (OTDS) security vulnerability
OpenText Directory Services (OTDS) is an information management solution provided by the Canadian company OpenText. It integrates OpenText products and solutions with the company’s enterprise directory infrastructure. Vulnerabilities exist in versions 20.4.1 to 25.2 of OpenText Directory Services,...
CVE-2025-15579 An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.
Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2...
CVE-2025-15579
CVE-2025-15579 describes an insecure deserialization vulnerability in OpenText Directory Services (versions 10.5–26.1) that enables Object Injection due to deserialization of untrusted data. The underlying issue is the deserialization process, which can lead to remote code execution, denial of se...