Lucene search

262 matches found

OSV
added last week | 5 views

RHSA-2026:26599 Red Hat Security Advisory: redhat-ds:12 security update

Bulletin has no description...

7.5 CVSS | 4.8 AI score | 0.00815 EPSS
Exploits 0 | References 7
NVD
added 2026/06/17 10:40 a.m. | 7 views

CVE-2026-35312

Vulnerability in the Oracle Virtual Directory product of Oracle Fusion Middleware component: Virtual Directory Server. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise...

9.8 CVSS | 0.00518 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/06/05 7:17 p.m. | 8 views

CVE-2026-33432

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...

9.1 CVSS | 5.5 AI score | 0.00423 EPSS
Exploits 1 | References 1
UbuntuCve
added 2026/05/20 10:16 a.m. | 5 views

CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5 CVSS | 5.7 AI score | 0.00815 EPSS
Exploits 0 | References 3
AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in 389-ds-base

An access control bypass vulnerability was discovered in 389-ds-base. This issue stems from improper handling of the filter, which results in incorrect results. However, further analysis revealed that it actually constitutes an access control bypass. This vulnerability could allow any...

7.5 CVSS | 7 AI score | 0.01394 EPSS
Exploits 0 | References 2
CVE
added 2026/05/15 6:36 p.m. | 13 views

CVE-2026-45009

CVE-2026-45009 affects phpMyFAQ prior to 4.1.2. The issue is an insufficient authorization check in admin-api routes, allowing authenticated ordinary users to access administrative endpoints without verifying backend privileges. This can expose sensitive backend information such as dashboard vers...

5.3 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits 0 | References 2
Packet Storm
added 2026/04/22 12:00 a.m. | 92 views

Dovecot 3.1.0 Authentication Bypass / User Enumeration

This Metasploit auxiliary module targets an LDAP injection vulnerability in Dovecot mail servers that can lead to authentication bypass or user enumeration via IMAP/POP3. Version 3.1.0 is affected...

5.3 CVSS | 5.8 AI score | 0.00286 EPSS
Exploits 1
Github Security Blog
added 2026/03/11 12:23 a.m. | 6 views

Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction

Impact: The LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names (DN) and group search filters without escaping special characters. This allows an attacker with valid LDAP credentials to manipulate the bin...

8.8 CVSS | 5.8 AI score | 0.00423 EPSS
Exploits 0 | References 5 | Affected Software 1
SUSE CVE
added 2026/02/24 12:25 a.m. | 4 views

SUSE CVE-2025-14905

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...

7.2 CVSS | 6.2 AI score | 0.01038 EPSS
Exploits 0 | References 15
RedhatCVE
added 2026/02/21 1:30 a.m. | 8 views

CVE-2026-1658

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

5.3 CVSS | 5.5 AI score | 0.00242 EPSS
Exploits 0 | References 1
OSV
added 2026/02/19 11:16 p.m. | 4 views

CVE-2026-1658

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

5.3 CVSS | 5.8 AI score | 0.00242 EPSS
Exploits 0 | References 1
NVD
added 2026/02/19 11:16 p.m. | 6 views

CVE-2026-1658

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

5.3 CVSS | 0.00242 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/02/19 10:40 p.m. | 7 views

CVE-2026-1658 Content spoofing vulnerability discovered in OpenText™ Directory Services

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

5.3 CVSS | 5.9 AI score | 0.00242 EPSS
Exploits 0 | References 1
Cvelist
added 2026/02/19 10:40 p.m. | 25 views

CVE-2026-1658 Content spoofing vulnerability discovered in OpenText™ Directory Services

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

5.3 CVSS | 0.00242 EPSS
Exploits 0 | References 1
CVE
added 2026/02/19 10:40 p.m. | 20 views

CVE-2026-1658

OpenText Directory Services (20.4.1–25.2) contains CVE-2026-1658: a UI misrepresentation of critical information can enable cache poisoning, potentially misleading users. Affected components within OpenText Directory Services could present manipulated text, with impact described as low integr...

5.3 CVSS | 5.5 AI score | 0.00242 EPSS
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2026/02/19 7:21 p.m. | 6 views

CVE-2025-15579

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2...

9.5 CVSS | 6.2 AI score | 0.00328 EPSS
Exploits 0 | References 1
CNNVD
added 2026/02/19 12:00 a.m. | 7 views

OpenText Directory Services (OTDS) security vulnerability

OpenText Directory Services (OTDS) is an information management solution provided by the Canadian company OpenText. It integrates OpenText products and solutions with the company’s enterprise directory infrastructure. Vulnerabilities exist in versions 20.4.1 to 25.2 of OpenText Directory Services,...

5.3 CVSS | 5.8 AI score | 0.00242 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/02/19 12:00 a.m. | 9 views

PT-2026-20948

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

5.3 CVSS | 5.5 AI score | 0.00242 EPSS
Exploits 0 | References 2
NVD
added 2026/02/18 4:22 p.m. | 4 views

CVE-2025-15579

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2...

9.5 CVSS | 0.00328 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/02/18 2:57 p.m. | 6 views

CVE-2025-15579

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2...

9.5 CVSS | 6.2 AI score | 0.00328 EPSS
Exploits 0 | References 2 | Affected Software 1