Lucene search
K

377 matches found

EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41848

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 12:16 a.m.10 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...

9.2CVSS0.00646EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.7 views

PT-2026-55327

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description A race condition leads to a use-after-free issue in LDAP...

9.2CVSS6.3AI score0.00646EPSS
Exploits0References13
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-435 Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

9.1CVSS6AI score0.01461EPSS
Exploits1References5
OSV
OSV
added 2026/06/19 12:1 a.m.7 views

RLSA-2026:26459 Important: 389-ds:1.4 security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: 389-ds-base: unbounded LDAP controls count in...

7.5CVSS5.3AI score0.00815EPSS
Exploits0References2
NCSC
NCSC
added 2026/06/17 9:28 a.m.14 views

Vulnerabilities in Oracle Fusion Middleware products

Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...

10CVSS5.9AI score0.00565EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/17 12:44 a.m.8 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.2AI score0.00815EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49907

Name of the Vulnerable Software and Affected Versions Oracle Unified Directory versions 12.2.1.4.0 Oracle Unified Directory versions 14.1.2.1.0 Description An issue in the OUD Core component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via LDAP Lightweight...

9.8CVSS5.8AI score0.00518EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.12 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.5AI score0.00182EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.16 views

WatchGuard FireboxV LDAP Race Condition

WatchGuard FireboxV with firmware version 12.11.6 Build B728370 suffers from a race condition in rscryptosetupldapserver libpkicli.so that allows two concurrently-processed IKEv1 Aggressive Mode packets to trigger a double-free and use-after-Free on the global LDAP connection handle. The research...

5.5AI score
Exploits0
CVE
CVE
added 2026/06/10 2:2 p.m.29 views

CVE-2026-45559

CVE-2026-45559 affects Roxy-WI web interface (versions ≤ 8.2.6.4). The vulnerability arises from get_ldap_email in app/modules/roxywi/user.py, where the LDAP search filter is built via string concatenation and the URL username parameter is used verbatim without input validation or LDAP escaping. ...

4.9CVSS5.5AI score0.00234EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.6 views

CVE-2026-41720: Authentication Bypass with Empty Password in Spring LDAP

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. RFC 4513 Section 5.1.2 defines this as an unauthenticated bind. On LDAP servers that permit such binds, an attacker with a valid usernam...

7.4CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/01 8:24 a.m.17 views

Improper Validation of Certificate with Host Mismatch

Overview org.apache.directory.api:api-ldap-client-api is a LDAP Client API. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the TLS server identity verification. An attacker can intercept and impersonate the server by presenting a...

8.8CVSS5.5AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Nextcloud 访问控制错误漏洞

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. In versions 1.3.6 to 8.4.0, there was a vulnerability related to access control. This vulnerability stemmed from improper checks, allowing users...

8.8CVSS5.3AI score0.00193EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/29 6:49 a.m.16 views

CVE-2026-41076

A flaw was found in RT, an open-source issue and ticket tracking system. This vulnerability allows a remote attacker to bypass authentication in RT installations configured to use LDAP/AD Lightweight Directory Access Protocol/Active Directory for user authentication. Under specific LDAP server...

8.1CVSS5.8AI score0.00392EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 4:42 a.m.39 views

CVE-2026-9801 Keycloak: keycloak: denial of service via malformed ldap password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS0.00476EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44194

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw allows a remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker who has compromis...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References11
CVE
CVE
added 2026/05/27 2:13 p.m.27 views

CVE-2026-48917

CVE-2026-48917 affects Jenkins LDAP Plugin (807.v7d7de30930cf and earlier). The issue is that it deserializes data from LDAP referrals without validation, with CVSS 3.1 base score 6.6 (Medium) and impacts on confidentiality, integrity, and availability rated High. Exploitation details are not pro...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/21 8:16 a.m.18 views

CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS0.00245EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in curl

There is an improper authentication vulnerability in curl versions 7.33.0 through and including 7.82.0. This vulnerability may allow for the reuse of OAUTH2-authenticated connections without ensuring that the connection was authentically verified with the same credentials used for this transfer...

8.1CVSS6.5AI score0.01914EPSS
Exploits1References2
Rows per page
Query Builder