
3941 matches found

Positive Technologies (added yesterday, 7 views)

PT-2026-45902

ipmi-oem in FreeIPMI before 1.16.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system...

CVSS: 7.5, AI score: 6, EPSS: 0.00038
Exploits: 0, References: 4

Fedora (added 2 days ago, 7 views)

[SECURITY] Fedora 44 Update: freeipa-4.13.1-12.fc44

IPA is an integrated solution to provide centrally managed Identity users, hosts, services, Authentication SSO, 2FA, and Authorization host access control, SELinux user roles, services. The solution provides features for further integration with Linux based clients SUDO, automount and integration...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00392
Exploits: 1

Nuclei (added 3 days ago, 73 views)

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

CVSS: 9.8, AI score: 5.8, EPSS: 0.84656
Exploits: 2, References: 3

GithubExploit (added 4 days ago, 51 views)

rm-oneview-poc

RM OneView — Proof of Concept A working POC of the Relationsh...

AI score: 5.9
Exploits: 0

RedhatCVE (added 6 days ago, 7 views)

CVE-2026-41076

A flaw was found in RT, an open-source issue and ticket tracking system. This vulnerability allows a remote attacker to bypass authentication in RT installations configured to use LDAP/AD Lightweight Directory Access Protocol/Active Directory for user authentication. Under specific LDAP server...

CVSS: 8.1, AI score: 5.8, EPSS: 0.0007
Exploits: 0, References: 2

SUSE CVE (added 6 days ago, 8 views)

SUSE CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00094
Exploits: 0, References: 3

NVD (added 2026/05/27 3:16 p.m., 18 views)

CVE-2026-48919

Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...

CVSS: 6.6, EPSS: 0.01298
Exploits: 0, References: 1

EUVD (added 2026/05/27 2:13 p.m., 6 views)

EUVD-2026-32509

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...

CVSS: 6.6, AI score: 5.8, EPSS: 0.00255
Exploits: 0, References: 1

Vulnrichment (added 2026/05/27 2:13 p.m., 5 views)

CVE-2026-48919

Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...

AI score: 5.8, EPSS: 0.01298
Exploits: 0, References: 1

Cvelist (added 2026/05/27 2:13 p.m., 34 views)

CVE-2026-48919

Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...

EPSS: 0.01298
Exploits: 0, References: 1

CVE (added 2026/05/27 2:13 p.m., 9 views)

CVE-2026-48918

Technical details about CVE-2026-48918 are not publicly available in the provided documents; monitor for updates from official advisories (e.g., Jenkins security notices) for new information.

CVSS: 6.6, AI score: 5.8, EPSS: 0.00255
Exploits: 0, References: 1, Affected Software: 1

EUVD (added 2026/05/27 2:13 p.m., 6 views)

EUVD-2026-32510

Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...

CVSS: 6.6, AI score: 5.8, EPSS: 0.01298
Exploits: 0, References: 1

Vulnrichment (added 2026/05/27 2:13 p.m., 4 views)

CVE-2026-48918

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...

AI score: 5.8, EPSS: 0.00255
Exploits: 0, References: 1

CVE (added 2026/05/27 2:13 p.m., 9 views)

CVE-2026-48919

CVE-2026-48919 affects Jenkins’ Active Directory Plugin (2.41 and earlier). The root cause is that the plugin deserializes data from LDAP referrals without validation. This leads to potential impact on confidentiality, integrity, and availability (CVSS v3.1 base score 6.6, MEDIUM). The exploitati...

CVSS: 6.6, AI score: 5.8, EPSS: 0.01298
Exploits: 0, References: 1, Affected Software: 1

Hive Pro Threat Advisories (added 2026/05/27 10:3 a.m., 6 views)

Identity Exposure Management: Why It Matters

Millions of corporate credentials leak onto the public internet every single week. These exposed credentials act as open doors for threat actors looking to breach hybrid networks. When security teams rely only on legacy tools, they remain blind to these silent entry points. Book a HivePro demo to...

AI score: 5.9
Exploits: 0

Positive Technologies (added 2026/05/27 12:0 a.m., 4 views)

PT-2026-44012

Name of the Vulnerable Software and Affected Versions Jenkins Active Directory Plugin versions prior to 2.42 Description The plugin deserializes data from LDAP referrals without proper validation. Deserialization is the process of converting a data stream back into an object, which, when performe...

CVSS: 6.6, AI score: 5.8, EPSS: 0.01298
Exploits: 0, References: 3

Tenable Nessus (added 2026/05/27 12:0 a.m., 8 views)

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Samba vulnerabilities (USN-8306-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8306-1 advisory. Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacke...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00392
Exploits: 1, References: 7

Positive Technologies (added 2026/05/27 12:0 a.m., 4 views)

PT-2026-44011

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...

AI score: 5.8, EPSS: 0.00255
Exploits: 0, References: 2

CNNVD (added 2026/05/27 12:0 a.m., 7 views)

Jenkins Active Directory Plugin Security Vulnerability

The Jenkins Active Directory Plugin is an identity integration plugin developed under open source by Jenkins. Versions of the Jenkins Active Directory Plugin 2.41 and earlier contained a security vulnerability, which was caused by unvalidated deserialization of LDAP reference data...

CVSS: 6.6, AI score: 5.8, EPSS: 0.01298
Exploits: 0, References: 1

CNNVD (added 2026/05/27 12:0 a.m., 5 views)

Jenkins Active Directory Plugin Security Vulnerability

The Jenkins Active Directory Plugin is an identity integration plugin developed under the open-source project of Jenkins. Versions of the Jenkins Active Directory Plugin prior to 2.41 contained security vulnerabilities, which stemmed from the default behavior of following LDAP references...

CVSS: 6.6, AI score: 5.8, EPSS: 0.00255
Exploits: 0, References: 1