Lucene search
K

737 matches found

Nuclei
Nuclei
added 8 hours ago113 views

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS6.1AI score0.03304EPSS
Exploits2References3
IBM Security Bulletins
IBM Security Bulletins
added yesterday5 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...

9.9CVSS6.7AI score0.00691EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 6 days ago5 views

apache-cxf: org.apache.cxf.services.xkms/cxf-services-xkms-x509-repo-ldap: Apache CXF: Information Disclosure via LDAP Injection

A flaw was found in Apache CXF. A remote attacker could exploit an LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server. This vulnerability allows the attacker to retrieve arbitrary certificates from the repository, leading to information disclosure...

9.8CVSS7.3AI score0.00722EPSS
Exploits0References5
NVD
NVD
added 6 days ago9 views

CVE-2026-4256

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: through 30042026...

8.2CVSS0.00213EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago13 views

EUVD-2026-42586

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: through 30042026...

8.2CVSS5.9AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-4256 LDAP Injection in PEAKUP's PassGate

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: through 30042026...

8.2CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-59269 Privilege Escalation via Active Directory LDAP injection in Pinniped Supervisor can be executed by an attacker who can edit LDAP Group DN entries

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...

3.8CVSS0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/07/07 12:16 p.m.12 views

CVE-2026-13696

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman MYS: before release.Master.1107...

8.8CVSS0.00355EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 11:15 a.m.5 views

EUVD-2026-42035

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection. This issue affects Liman MYS: before release.Master.1107...

8.8CVSS5.9AI score0.00355EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 8:48 a.m.4 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Bouncy Castle (CVE-2026-0636,CVE-2026-5598,CVE-2026-5588&CVE-2026-3505)

Summary IBM App Connect Enterprise Toolkit and Runtime are vulnerable to multiple vulnerabilities due to Bouncy Castle. Vulnerability Details CVEID:CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy...

9.9CVSS5.8AI score0.00758EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 4:30 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench

Summary Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.2.0 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0,...

9.8CVSS6.6AI score0.01339EPSS
Exploits4Affected Software1
NVD
NVD
added 2026/06/24 2:17 p.m.12 views

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.4 views

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS5.9AI score0.00224EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.35 views

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

0.00224EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/20 7:57 a.m.7 views

Security Bulletin: Multiple Security Vulnerabilities in third-Party libraries used by IBM Tivoli Netcool Configuration Manager

Summary Multiple vulnerabilities in the third-party Bouncy Castle libraries used by IBM Tivoli Netcool Configuration Manager have been addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle In...

9.9CVSS5.8AI score0.00691EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 8:51 a.m.5 views

Security Bulletin: IBM ApplinX is vulnerable to multiple vulnerabilities due to the use of Bouncy Castle library (CVE-2023-33202, CVE-2025-8916, CVE-2026-5588, CVE-2025-14813, CVE-2026-5598, CVE-2026-0636)

Summary IBM ApplinX is vulnerable to an Uncontrolled Resource Consumption vulnerability, an Allocation of Resources Without Limits or Throttling vulnerability, a Use of a Broken or Risky Cryptographic Algorithm, a Covert Timing Channel vulnerability and an Improper Neutralization of Special...

9.9CVSS7.1AI score0.00932EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2026/06/17 6:35 p.m.6 views

LDAP Injection

Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to LDAP Injection in the DefaultLdapRealm class. An attacker can bypass...

9.1CVSS5.9AI score0.00494EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/17 1:7 p.m.7 views

CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

9.1CVSS5.5AI score0.00494EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:20 p.m.6 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CVE-2026-0636)

Summary There are vulnerabilities in bcprov-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-0636. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query 'LDAP...

6.9CVSS4.8AI score0.00527EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

SolarWinds Web Help Desk < 2026.2 Multiple Vulnerabilities

The version of SolarWinds Web Help Desk installed on the remote host is prior to 2026.2. It is, therefore, affected by multiple vulnerabilities. - pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores...

9.8CVSS6.8AI score0.12384EPSS
Exploits2References9
Rows per page
Query Builder