CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/06/17 1:30 a.m.•6 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.2AI score0.00815EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:38 p.m.•9 views

CVE-2026-34294

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Microsoft Active Directory. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Orac...

5.9CVSS7.3AI score0.00175EPSS

EUVD•added 2026/04/21 9:31 p.m.•8 views

EUVD-2026-24380

5.9CVSS5.7AI score0.00175EPSS

RedhatCVE•added 2026/01/09 9:48 a.m.•7 views

CVE-2020-17477

Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory via LDAP search requests. For example, a teacher can gain...

6.5CVSS7.3AI score0.00376EPSS

10CVSS6.4AI score0.01917EPSS

EUVD-2005-2512

Malware in sbrugna...

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-4831

Malware in sbrugna...

5.8CVSS5.6AI score0.00807EPSS

4.9CVSS5.2AI score0.00694EPSS

EUVD-2021-17568

Malware in sbrugna...

6.5CVSS6.5AI score0.00376EPSS

EUVD-2020-9429

Malware in sbrugna...

7.5CVSS8.2AI score0.07289EPSS

EUVD-2019-0378

Malware in sbrugna...

Exploits0References51

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-37397

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.00419EPSS

Hacker One•added 2025/07/17 6:40 p.m.•19 views

curl: curl ASSERTs when accessing an LDAP URL

Summary: curl can crash when accessing an LDAP URL. curl ldap://localhost:1388 curl: result.c:930: tryread1msg: Assertion !BERBVISEMPTY &resoid ' failed. Aborted core dumped No AI was used in the production of this report. This was enabled by oss-fuzz, but initiated by me adding LDAP support to...

6.8AI score

Exploits0

RedhatCVE•added 2025/05/23 7:33 a.m.•13 views

CVE-2024-22326

IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518...

6.3CVSS6.7AI score0.00394EPSS

Tenable Nessus•added 2025/03/04 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2013-0199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the 1 ipaNTTrustAuthIncoming and 2 ipaNTTrustAuthOutgoing attributes, which allow...

5CVSS5.6AI score0.02118EPSS

Positive Technologies•added 2024/02/01 12:0 a.m.•6 views

PT-2024-14128 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.12 Description: The issue is related to LDAP injection when authentication is made against a LDAP server. This can be exploited by a remote attacker to perform LDAP injection using the authentication form. The...

10CVSS7.2AI score0.99521EPSS

Exploits27References159

Positive Technologies•added 2023/10/26 12:0 a.m.•4 views

PT-2023-11480 · Unknown · Ucs@School

Name of the Vulnerable Software and Affected Versions: UCS@school versions prior to 4.4v5-errata Description: The issue is related to incorrect LDAP ACLs in ucs-school-ldap-acls-master, allowing remote teachers, staff, and school administrators to read LDAP password hashes, including...

6.5CVSS6.5AI score0.00376EPSS

Exploits0References5

Positive Technologies•added 2022/11/23 12:0 a.m.•2 views

PT-2022-6585 · Apache · Apache Streampark

Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 1.0.0 through 2.0.0 Description: The issue is related to an LDAP injection vulnerability, which is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an...

5.5CVSS5.7AI score0.01103EPSS

Exploits0References10

NVD•added 2021/03/02 10:15 p.m.•11 views

CVE-2020-12529

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports...

5.8CVSS0.00807EPSS