Lucene search
K

729 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 12:9 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Summary Multiple vulnerabilities were addressed in IBM Tivoli Network Manager IP Edition 4.2.0.24 IFix 1 Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of...

9.9CVSS6.6AI score0.01127EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 2026/06/10 10:15 p.m.30 views

CVE-2026-42568 Yamcs Vulnerable to LDAP Injection in LdapAuthModule

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13...

4.3CVSS0.01027EPSS
Exploits3References3
Cvelist
Cvelist
added 2026/06/10 2:2 p.m.37 views

CVE-2026-45559 Roxy-WI: LDAP injection in /user/ldap/<username> (admin-only)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

4.9CVSS0.00234EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 1:55 p.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2026-3505, CVE-2025-14813, CVE-2026-0636, CVE-2026-5598, CVE-2026-33671, CVE-2026-33672, CVE-2026-5588, CVE-2026-40175)

Summary IBM Rational Developer for i is affected by an uncontrolled resource consumption vulnerability in Bcpg CVE-2026-3505, a broken or risky cryptographic vulnerability in Bcprov CVE-2025-14813, an LDAP injection vulnerability in Bcprov CVE-2026-0636, a covert timing channel vulnerability in...

9.9CVSS5.8AI score0.01815EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 12:5 p.m.6 views

Security Bulletin: IBM Technical Support Appliance is affected by an LDAP Injection Vulnerability in Bouncy Castle BC-JAVA

Summary IBM Technical Support Appliance TSA includes a vulnerable version of the Bouncy Castle BC-JAVA provider library bcprov-jdk18on-1.78.1.jar. A flaw in the BC-JAVA LDAP certificate store implementation LDAPStoreHelper could allow improper neutralization of special elements used in LDAP...

6.9CVSS5.5AI score0.00527EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-41919

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS5.4AI score0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-44930

A flaw was found in Apache CXF. A remote attacker could exploit an LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server. This vulnerability allows the attacker to retrieve arbitrary certificates from the repository, leading to information disclosure. Mitigation...

9.8CVSS5.2AI score0.0068EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-34578

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldapescape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...

8.2CVSS5.5AI score0.00415EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40459

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10...

8.8CVSS5.6AI score0.00608EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/06/02 12:42 p.m.13 views

USN-8365-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. An attacker could possibly use this issue to perform SQL or LDAP injection attacks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-27851 It was discovered...

9.1CVSS5.9AI score0.00454EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 8:35 a.m.9 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary Maximo AI Service uses fast-xml-parser-5.3.6.tgz, mlflow-3.9.0rc0-py3-none-any.whl, bcpkix-jdk18on-1.79.jar, pythonmultipart-0.0.24-py3-none-any.whl, bcprov-jdk18on-1.79.jar, spring-security-core-6.5.9.jar, spring-boot-autoconfigure-3.5.13.jar, spring-web-6.2.17.jar,...

9.8CVSS5.9AI score0.00527EPSS
Exploits4Affected Software1
Exploit DB
Exploit DB
added 2026/05/30 12:0 a.m.66 views

YAMCS yamcs-core 5.12.7 - LDAP Injection

Exploit Title: YAMCS yamcs-core 5.12.7 - LDAP Injection Date: 2026-05-27 Exploit Author: Daniel Miranda Barcelona Excal1bur Vendor Homepage: https://yamcs.org Software Link: https://github.com/yamcs/yamcs Version: 1 else "http://localhost:8090" base = target.rstrip"/" print"=" 65 print"...

4.3CVSS5.8AI score0.01027EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/05/29 2:35 p.m.101 views

Exploit for CVE-2026-42568

CVE-2026-42568 — YAMCS LDAP Injection in LdapAuthModule Su...

5.9AI score0.01027EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 9:58 a.m.16 views

Security Bulletin: There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-0636)

Summary There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of t...

6.9CVSS5.8AI score0.00527EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.10 views

Apache CXF < 3.6.11 / 4.0.x < 4.1.6 / 4.2.x < 4.2.1 Multiple Vulnerabilities

The version of Apache CXF installed on the remote host is affected by multiple vulnerabilities: - The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted use...

9.8CVSS7.7AI score0.00793EPSS
Exploits0References7
NVD
NVD
added 2026/05/25 11:16 a.m.15 views

CVE-2026-46745

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

5.3CVSS0.00574EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/25 10:41 a.m.52 views

CVE-2026-46745 Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

0.00574EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 3:47 p.m.12 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the LdapCertificateRepo of the XKMS server. An attacker can retrieve arbitrary certificates from the repository by injecting crafted LDAP queries. Remediation Upgrade...

9.8CVSS5.9AI score0.0068EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 1:16 p.m.19 views

CVE-2026-44930

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

9.8CVSS0.0068EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/22 12:16 p.m.10 views

CVE-2026-44930

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

9.8CVSS5.9AI score0.0068EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder