4184 matches found
SecurEnvoy Two Factor Authentication - LDAP Injection
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...
Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for July 2026, which includes 622 vulnerabilities affecting a range of products, including 57 that Microsoft marked as "critical." Microsoft notes that two of the vulnerabilities disclosed this month have been exploited in the wild. CVE-2026-5615...
CVE-2026-54121
Improper authorization in Active Directory Certificate Services AD CS allows an authorized attacker to elevate privileges over a network...
CVE-2026-54115
Integer overflow or wraparound in Windows Active Directory allows an authorized attacker to elevate privileges locally...
CVE-2026-50304
Stack-based buffer overflow in Active Directory Federation Services allows an unauthorized attacker to deny service over a network...
CVE-2026-56155
Insufficient granularity of access control in Active Directory Federation Services AD FS allows an authorized attacker to elevate privileges locally...
CVE-2026-55001
Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally...
CVE-2026-54119
Loop with unreachable exit condition 'infinite loop' in Windows Active Directory allows an unauthorized attacker to deny service over a network...
CVE-2026-49178
Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network...
CVE-2026-49164
Heap-based buffer overflow in Active Directory Domain Services allows an unauthorized attacker to execute code over a network...
CVE-2026-58529
Summary (CVE-2026-58529): Out-of-bounds read in Active Directory Federation Services (AD FS) can disclose information over a network to an authorized attacker. The entry is supported by multiple connected sources (NVD/NCSC/CIRCL/NVDC/MSRC) confirming the vulnerability and its description. The CVS...
CVE-2026-50682
CVE-2026-50682 describes an out-of-bounds read in Windows Active Directory (Active Directory Domain Services) that can allow an authorized attacker to cause a denial of service over the network. The description and cross-references in the connected documents confirm the affected component as Wind...
CVE-2026-54121
CVE-2026-54121 affects Active Directory Certificate Services (AD CS). Root cause: improper authorization allowing an authorized attacker to elevate privileges over the network. Impact: elevation of privilege with high CVSS (8.8) per Microsoft-assigned metrics. Remediation: Microsoft has released ...
CVE-2026-50684
CVE-2026-50684 (AD FS spoofing) : The vulnerability is described as improper neutralization of input during web page generation (XSS) in Active Directory Federation Services, enabling an authorized attacker to perform spoofing over the network. The CVSS v3.1 base metrics indicate a Medium severit...
CVE-2026-50647
CVE-2026-50647: AD FS denial-of-service due to an infinite loop in AD FS. Public sources (NVD/EUVD/NCSC, CIRCL sighting, MSRC) confirm a network-exploitable condition causing service disruption; no exploitation details provided in the docs. Microsoft has released updates addressing the vulnerabil...
CVE-2026-50411
CVE-2026-50411 affects Active Directory Federation Services (AD FS) and is described as a stack-based buffer overflow that enables a remote attacker to cause a denial of service over the network. Public references in the connected documents confirm the DoS impact and Microsoft has released update...
CVE-2026-50355
CVE-2026-50355 is a vulnerability in Active Directory Federation Services (AD FS) described as a stack-based buffer overflow that enables a remote, unauthenticated attacker to cause a denial of service over the network. The CVSS v3.1 base score is 7.5 (Network, Low attack complexity, No privilege...
CVE-2026-50366
CVE-2026-50366 describes a Denial of Service in Windows Active Directory Domain Services caused by a null pointer dereference. The vulnerability is exploitable over the network with no user interaction, requiring low privileges and network access from an authenticated attacker; the impact is deni...
CVE-2026-50324
CVE-2026-50324 affects Windows Active Directory Federation Services (AD FS). The description identifies a loop condition described as an infinite loop that enables a network-based Denial of Service against AD FS. The CVE entry lists a Medium severity (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) with Ava...
CVE-2026-50368
CVE-2026-50368 refers to a stack-based buffer overflow in Active Directory Federation Services (AD FS) that allows an unauthenticated attacker to cause a denial of service over the network. The vulnerability arises in the AD FS component and is described in multiple sources as enabling a DS impac...