Lucene search
K

729 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.6 views

EulerOS Virtualization 2.10.0 : python-ldap (EulerOS-SA-2026-1563)

According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...

6.9CVSS6.5AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.7 views

EulerOS Virtualization 2.10.1 : python-ldap (EulerOS-SA-2026-1543)

According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...

6.9CVSS6.5AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP12 : python-ldap (EulerOS-SA-2026-1377)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...

6.9CVSS5.9AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.7 views

EulerOS 2.0 SP10 : python-ldap (EulerOS-SA-2026-1346)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...

6.9CVSS5.9AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.7 views

EulerOS 2.0 SP11 : python-ldap (EulerOS-SA-2026-1617)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes...

6.9CVSS6.5AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.6 views

EulerOS 2.0 SP11 : python-ldap (EulerOS-SA-2026-1589)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes...

6.9CVSS6.5AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.7 views

EulerOS 2.0 SP12 : python-ldap (EulerOS-SA-2026-1408)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...

6.9CVSS5.9AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.9 views

EulerOS 2.0 SP10 : python-ldap (EulerOS-SA-2026-1320)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...

6.9CVSS5.9AI score0.00427EPSS
Exploits2References3
Snyk
Snyk
added 2026/03/11 12:23 a.m.5 views

LDAP Injection

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to LDAP Injection via unsanitized input in the authData.id parameter during the construction of LDAP Distinguished Names and...

8.8CVSS5.8AI score0.00423EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 10:16 p.m.5 views

CVE-2026-31828

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN an...

8.8CVSS0.00423EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/10 9:41 p.m.4 views

CVE-2026-31828 Parse Server has an LDAP injection via unsanitized user input in DN and group filter construction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN an...

6CVSS5.8AI score0.00423EPSS
Exploits0References3
CVE
CVE
added 2026/01/30 1:2 p.m.33 views

CVE-2026-1498

WatchGuard Fireware OS is affected by CVE-2026-1498 via LDAP Injection. A remote unauthenticated attacker can retrieve information from a connected LDAP authentication server through an exposed authentication or management web interface, and may authenticate as an LDAP user if they have that user...

7CVSS5.9AI score0.0068EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/30 1:2 p.m.6 views

EUVD-2026-5033

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...

7CVSS5.9AI score0.0068EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/30 1:2 p.m.4 views

CVE-2026-1498 WatchGuard Firebox LDAP Injection

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...

7CVSS5.6AI score0.0068EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.7 views

PT-2026-5396

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.0 through 12.11.6 WatchGuard Fireware OS versions 12.5 through 12.5.15 WatchGuard Fireware OS versions 2025.1 through 2026.0 Description A flaw exists in WatchGuard Fireware OS that could allow a remote,...

7CVSS5.5AI score0.0068EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.4 views

Astra Linux – Vulnerability in python-ldap

Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars could be exploited to skip escaping special characters when a crafted list or dict was provided as the assertionvalue parameter, and...

6.9CVSS5.3AI score0.00301EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:27 p.m.6 views

CVE-2018-12689

phpLDAPadmin 1.2.2 allows LDAP injection via a crafted serverid parameter in a cmd.php?cmd=loginform request, or a crafted username and password in the login panel...

9.8CVSS7.2AI score0.01784EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.10 views

CVE-2020-23148

The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request...

7.5CVSS6.7AI score0.01623EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.5 views

CVE-2021-41232

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in versio...

9.8CVSS7.2AI score0.01467EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/01/08 12:59 a.m.7 views

CVE-2026-21880

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...

5.3CVSS5.5AI score0.00352EPSS
Exploits2
Rows per page
Query Builder