Lucene search
K

13 matches found

CVE
CVE
added 2026/06/10 12:38 p.m.24 views

CVE-2026-49498

Ghidra 11.0 before 12.1 is affected by a SQL injection in PostgresFunctionDatabase.changePassword(), which fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can craft username parameters in PasswordChange network messages to inject SQL com...

8.8CVSS5.7AI score0.00259EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 9:13 p.m.46 views

CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

7.5CVSS0.00479EPSS
Exploits0References3
CVE
CVE
added 2026/05/14 9:13 p.m.24 views

CVE-2026-44671

Summary of CVE-2026-44671 (ZITADEL LDAP Filter Injection) : Zitadel’s LDAP IdP parsing fails to escape user-provided usernames in LDAP search filters, enabling unauthenticated users to perform blind LDAP Injection during login. The issue affects Zitadel deployments using LDAP IdP in the following...

7.5CVSS5.8AI score0.00479EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/08 5:11 p.m.10 views

GHSA-RXVX-HHPJ-Q6PX ZITADEL has LDAP Filter Injection in Login Flow

Summary A vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allows unauthenticated attackers to perform LDAP Filter Injection during the login process...

7.5CVSS5.8AI score0.00479EPSS
Exploits0References5
NVD
NVD
added 2026/04/18 12:16 a.m.4 views

CVE-2026-40593

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor UserEditor.php renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars. An administrator can save a username containing HTML attribute-breaking characte...

4.8CVSS0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.11 views

PT-2026-33543

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor UserEditor.php renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars. An administrator can save a username containing HTML attribute-breaking characte...

4.8CVSS5.8AI score0.002EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/09 1:33 a.m.4 views

CVE-2026-25560

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...

9.8CVSS5.4AI score0.00654EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/08 12:30 a.m.8 views

EUVD-2026-5712

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...

9.8CVSS5.5AI score0.00654EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-5812

Malware in sbrugna...

6.1CVSS6.3AI score0.00763EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin LogDash Activity Log 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

5.4CVSS6.3AI score0.00748EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/02 12:0 a.m.6 views

WordPress plugin Limit Login Attempts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

5.4CVSS6.5AI score0.28799EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/07/02 8:15 p.m.3 views

CVE-2022-34911

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is...

6.1CVSS5.9AI score0.00992EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/10/20 3:52 p.m.3 views

jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin

A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...

5.4CVSS6.9AI score0.00919EPSS
Exploits0References4
Rows per page
Query Builder