729 matches found
EulerOS Virtualization 2.10.0 : python-ldap (EulerOS-SA-2026-1563)
According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...
EulerOS Virtualization 2.10.1 : python-ldap (EulerOS-SA-2026-1543)
According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...
EulerOS 2.0 SP12 : python-ldap (EulerOS-SA-2026-1377)
According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...
EulerOS 2.0 SP10 : python-ldap (EulerOS-SA-2026-1346)
According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...
EulerOS 2.0 SP11 : python-ldap (EulerOS-SA-2026-1617)
According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes...
EulerOS 2.0 SP11 : python-ldap (EulerOS-SA-2026-1589)
According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes...
EulerOS 2.0 SP12 : python-ldap (EulerOS-SA-2026-1408)
According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...
EulerOS 2.0 SP10 : python-ldap (EulerOS-SA-2026-1320)
According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...
LDAP Injection
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to LDAP Injection via unsanitized input in the authData.id parameter during the construction of LDAP Distinguished Names and...
CVE-2026-31828
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN an...
CVE-2026-31828 Parse Server has an LDAP injection via unsanitized user input in DN and group filter construction
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN an...
CVE-2026-1498
WatchGuard Fireware OS is affected by CVE-2026-1498 via LDAP Injection. A remote unauthenticated attacker can retrieve information from a connected LDAP authentication server through an exposed authentication or management web interface, and may authenticate as an LDAP user if they have that user...
EUVD-2026-5033
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...
CVE-2026-1498 WatchGuard Firebox LDAP Injection
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...
PT-2026-5396
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.0 through 12.11.6 WatchGuard Fireware OS versions 12.5 through 12.5.15 WatchGuard Fireware OS versions 2025.1 through 2026.0 Description A flaw exists in WatchGuard Fireware OS that could allow a remote,...
Astra Linux – Vulnerability in python-ldap
Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars could be exploited to skip escaping special characters when a crafted list or dict was provided as the assertionvalue parameter, and...
CVE-2018-12689
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted serverid parameter in a cmd.php?cmd=loginform request, or a crafted username and password in the login panel...
CVE-2020-23148
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request...
CVE-2021-41232
Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in versio...
CVE-2026-21880
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...