Lucene search
K

724 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 4:37 p.m.3 views

CVE-2026-39962

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...

8.8CVSS5.9AI score0.00345EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/09 4:37 p.m.6 views

EUVD-2026-20966

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...

8.8CVSS5.9AI score0.00345EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/09 2:34 p.m.38 views

EUVD-2026-20896

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldapescape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...

8.2CVSS5.9AI score0.00415EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.13 views

Deciso OPNsense 安全漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Prior to version 26.1.6, there were security vulnerabilities in OPNsense. These vulnerabilities stemmed from the LDAP authentication connector, which directly passed the...

8.2CVSS5.8AI score0.00415EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/02 8:47 a.m.2 views

CVE-2026-29138 PGP Decryption Sender LDAP Injection

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...

6.3CVSS5.9AI score0.00217EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions...

5.3CVSS5.8AI score0.00286EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/27 8:10 a.m.25 views

CVE-2026-27860

If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...

3.7CVSS0.00286EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/27 12:0 a.m.4 views

CVE-2026-27860

If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...

5.3CVSS5.9AI score0.00286EPSS
Exploits1References2
Rosalinux
Rosalinux
added 2026/03/22 9:2 p.m.11 views

Advisory ROSA-SA-2026-3232

software: kanboard 1.2.49 WASP: ROSA-CHROME unaffected versions = kanboard-1.2.49-1 affected versions kanboard-1.2.49-1 CVE-ID: CVE-2026-21879 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An Open Redirect vulnerability in Kanboard ≤ 1.2.48 allowed authenticated users to be redirected to malicious...

9.1CVSS5.7AI score0.00433EPSS
Exploits4
Cvelist
Cvelist
added 2026/03/20 12:0 a.m.22 views

CVE-2026-33369

Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...

0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 12:0 a.m.2 views

CVE-2026-33369

Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...

5.8AI score0.00227EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 12:0 a.m.5 views

CVE-2026-33369

Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...

5.8AI score0.00227EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/19 11:9 p.m.21 views

CVE-2026-33289 SuiterCRM has LDAP Filter Injection in Authentication Module

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...

8.8CVSS0.00662EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 11:9 p.m.5 views

EUVD-2026-13400

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...

8.8CVSS5.8AI score0.00662EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.9 views

PT-2026-26452

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...

8.8CVSS5.8AI score0.00662EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.6 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Bouncy Castle vulnerabilities (USN-8108-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8108-1 advisory. It was discovered that Bouncy Castle did not sanitize user input when inserting it into an LDAP search...

7.5CVSS6.8AI score0.011EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.6 views

EulerOS Virtualization 2.10.0 : python-ldap (EulerOS-SA-2026-1563)

According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...

6.9CVSS6.5AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.6 views

EulerOS 2.0 SP11 : python-ldap (EulerOS-SA-2026-1617)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes...

6.9CVSS6.5AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.7 views

EulerOS 2.0 SP12 : python-ldap (EulerOS-SA-2026-1408)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...

6.9CVSS5.9AI score0.00427EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.8 views

EulerOS 2.0 SP10 : python-ldap (EulerOS-SA-2026-1320)

According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...

6.9CVSS5.9AI score0.00427EPSS
Exploits2References3
Rows per page
Query Builder