Lucene search
K

836 matches found

SUSE CVE
SUSE CVE
added 2026/05/13 3:41 a.m.11 views

SUSE CVE-2026-27851

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No...

7.4CVSS5.8AI score0.00406EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.8 views

PT-2026-40640

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication,...

8.7CVSS5.8AI score0.003EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability arises from the use ...

8.7CVSS5.8AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 p.m.17 views

CVE-2026-44305

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...

6.8CVSS0.00094EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:28 p.m.18 views

CVE-2026-44305

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...

6.8CVSS5.8AI score0.00094EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 9:28 p.m.20 views

CVE-2026-44305

CVE-2026-44305 affects Lemur when LDAP_USE_TLS is True. The LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level, causing any MITM between Lemur and the LDAP server to intercept credentials and potentially modify responses. This vulnerab...

6.8CVSS5.8AI score0.00094EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:27 p.m.7 views

CVE-2026-44304

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

8.1CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 9:27 p.m.19 views

CVE-2026-44304

Summary: Lemur’s LDAP authentication module (lemur/auth/ldap.py) constructs LDAP filters using unsanitized username input, enabling a post-authentication LDAP filter injection that can modify group membership queries and escalate privileges to administrator. This affects Lemur prior to version 1....

8.1CVSS5.8AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.12 views

CVE-2026-34339

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally...

5.5CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 4:59 p.m.14 views

CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

...

5.5CVSS5.8AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 p.m.12 views

EUVD-2026-29473

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/12 2:0 p.m.15 views

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally...

5.5CVSS5.8AI score0.00292EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.15 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

7.5CVSS5.7AI score0.00667EPSS
Exploits1References4
Kaspersky
Kaspersky
added 2026/05/12 12:0 a.m.15 views

KLA91040 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of...

9.8CVSS7.6AI score0.01932EPSS
Exploits4References89
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability arises from the use of a security filter for variable expansion, where all subsequent pipes on the same strin...

9.1CVSS5.9AI score0.00406EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/11 6:14 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the LDAP connectivity configuration component. An attacker can cause the server to initiate unintended outbound connections by supplying a malicious LDAP server during configuration or testing. This ...

5.1CVSS5.5AI score0.00257EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 5:11 p.m.8 views

CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...

5.1CVSS5.8AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 5:11 p.m.19 views

CVE-2026-3048

Nexus Repository Manager (Sonatype) 3.x is affected: versions 3.0.0–3.91.1, when an authenticated administrator configures or tests LDAP connectivity, may initiate unintended server-side connections with a malicious LDAP server due to improper LDAP referral handling. No exploitation details or mi...

5.1CVSS5.8AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Sonatype Nexus Repository Manager 代码问题漏洞

Sonatype Nexus Repository Manager NXRM is a repository manager developed by Sonatype, Inc., in the United States. It is primarily used for managing, storing, and distributing software. Versions of Sonatype Nexus Repository Manager from 3.0.0 to 3.91.1 contained code vulnerabilities. These...

5.1CVSS5.9AI score0.00257EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 8:16 p.m.4 views

DEBIAN-CVE-2026-42258

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...

5.3CVSS5.7AI score0.00813EPSS
Exploits0References1
Rows per page
Query Builder