Lucene search
K

21 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.4 views

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

3.7CVSS5.9AI score0.00224EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-45559

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

4.9CVSS5.5AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 10:15 p.m.28 views

CVE-2026-42568 Yamcs Vulnerable to LDAP Injection in LdapAuthModule

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13...

4.3CVSS0.01027EPSS
Exploits3References3
CVE
CVE
added 2026/06/10 10:15 p.m.38 views

CVE-2026-42568

CVE-2026-42568 affects YAMCS when LdapAuthModule is configured. The root cause is that the username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, enabling an authentication bypass (e.g., username=*) and potentially granting access to tokens for first matching ...

4.3CVSS5.4AI score0.01027EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2026/06/10 2:2 p.m.7 views

CVE-2026-45559 Roxy-WI: LDAP injection in /user/ldap/<username> (admin-only)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

4.9CVSS5.5AI score0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 12:38 p.m.10 views

CVE-2026-49498 Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.8CVSS5.7AI score0.00259EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/10 12:31 p.m.11 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS5.7AI score0.02501EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/20 8:26 p.m.32 views

CVE-2026-33432 Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...

8.7CVSS0.00423EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.8.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of escaping special characters in usernames during LDAP authentication, which could...

9.1CVSS5.8AI score0.00423EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/19 8:25 p.m.3 views

CVE-2026-33303 OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting XSS via unescaped portalloginusername in the portal credential print view. A patient portal user can set their login...

5.4CVSS5.6AI score0.00239EPSS
Exploits1References2
NVD
NVD
added 2026/02/07 10:16 p.m.7 views

CVE-2026-25560

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...

9.8CVSS0.00654EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.4 views

CVE-2026-1591

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

6.3CVSS5.3AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 8:16 a.m.8 views

CVE-2026-1591

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

6.3CVSS0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 7:57 a.m.5 views

EUVD-2026-5187

Foxit PDF Editor Cloud pdfonline contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects...

6.3CVSS5.3AI score0.00195EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/13 1:43 p.m.1 views

Denial of Service (DoS)

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Denial of Service DoS via the username from the login form which inserted into the LDAP search filter without escaping. An attacker can cause the server and client to process excessive data by injecting...

8.7CVSS6.9AI score0.00362EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-5813

Malware in sbrugna...

5.4CVSS5.5AI score0.00618EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-37815

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00992EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.5 views

Discourse 跨站脚本漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that stems from a cross-site scripting attack in which an unescaped username string is...

5.4CVSS6.2AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.3 views

Jenkins DotCi Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...

5.4CVSS5.1AI score0.00587EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/07/02 12:0 a.m.3 views

PT-2022-22430 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.7 MediaWiki versions 1.36.x MediaWiki versions 1.37.x prior to 1.37.3 MediaWiki versions 1.38.x prior to 1.38.1 Description: An issue can occur in configurations that allow a JavaScript payload in a username,...

9.8CVSS6AI score0.22699EPSS
Exploits30References139
Rows per page
Query Builder