CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/01 7:12 a.m.•44 views

CVE-2026-35563 Apache Directory LDAP API: LDAP client implementation does not verify if the server certificate matches the intended LDAP hostname

8.8CVSS0.00182EPSS

Debian CVE•added 2026/06/01 7:12 a.m.•10 views

CVE-2026-35563

8.8CVSS5.8AI score0.00182EPSS

CVE•added 2026/06/01 7:12 a.m.•34 views

CVE-2026-35563

The CVE-2026-35563 concerns the Apache Directory LDAP API LDAP client (v2.1.7) failing to verify that the server certificate matches the intended LDAP hostname. Root cause: incomplete TLS server identity verification. Impact: potential server impersonation and complete connection compromise over ...

8.8CVSS5.8AI score0.00182EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/06/01 12:0 a.m.•7 views

Apache Directory LDAP API 安全漏洞

The Apache Directory LDAP API is a LDAP protocol development framework created by the Apache Foundation in the United States. There were security vulnerabilities in the Apache Directory LDAP API between versions 2.0.0 and 2.1.7. These vulnerabilities stemmed from incomplete TLS server...

8.8CVSS5.3AI score0.00182EPSS

Exploits0References3

RedhatCVE•added 2026/03/27 10:51 p.m.•4 views

CVE-2026-33670

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...

9.8CVSS5.8AI score0.0066EPSS

Exploits1References1

Cvelist•added 2026/03/26 9:15 p.m.•20 views

CVE-2026-33670 SiYuan has directory traversal within its publishing service

9.8CVSS0.0066EPSS

Exploits1References1

EUVD•added 2026/03/26 9:14 p.m.•3 views

EUVD-2026-16432

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

9.8CVSS5.8AI score0.00523EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 5:18 a.m.•4 views

CVE-2023-30744

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...

9.1CVSS7AI score0.00624EPSS

RedhatCVE•added 2025/05/23 4:55 a.m.•9 views

CVE-2023-24527

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...

5.3CVSS7AI score0.00452EPSS

CNNVD•added 2024/09/17 12:0 a.m.•3 views

Backstage 安全漏洞

Backstage is a Backstage open source application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage version 1.25.0, which originates from an instance of Backstage with the Directory Backend plugin installed, where a malicious actor with...

6.5CVSS6.3AI score0.00492EPSS

vulnersOsv•added 2024/08/07 3:15 p.m.•2 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-41990 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41990 Source advisory: OSV:PYSEC-2024-68...

7.5CVSS6.7AI score0.01258EPSS

vulnersOsv•added 2024/07/10 5:15 a.m.•3 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +81 more potentially affected by CVE-2024-38875 via django (>=4.2.0 <=4.2.13)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-38875 Source advisory: OSV:PYSEC-2024-56...

7.5CVSS6.6AI score0.01187EPSS

BDU FSTEC•added 2024/06/18 12:0 a.m.•1 views

The vulnerability of the LDAP URL parser component in the Apache Directory LDAP API software allows a malicious actor to cause service failure.

The vulnerability of the LDAP URL parser component in Apache Directory LDAP API is related to the lack of control over the data entered by users. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8CVSS5.5AI score

Exploits0References2Affected Software1

Tenable Nessus•added 2023/05/11 12:0 a.m.•33 views

SAP NetWeaver AS Java Improper Access Control (May 2023)

SAP NetWeaver Application Server for Java is affected by improper access control vulnerability. An unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization...

9.1CVSS8.2AI score0.00624EPSS

NVD•added 2023/05/09 2:15 a.m.•24 views

CVE-2023-30744

9.1CVSS8.9AI score0.00624EPSS

Prion•added 2023/05/09 2:15 a.m.•30 views

Design/Logic Flaw

6.4CVSS9.2AI score0.00624EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/05/09 1:36 a.m.•40 views

CVE-2023-30744 Improper access control during application start-up in SAP AS NetWeaver JAVA.

8.2CVSS9.4AI score0.00624EPSS

vulnersOsv•added 2023/05/07 3:30 a.m.•3 views

bfactory (>=0.4.0 <=0.4.4), coop (>=5.2.0 <=5.2.2) +39 more potentially affected by CVE-2023-31047 via django (>=4.2.0 <=4.2.0rc1)

django PYPI version =4.2.0, =0.4.0, =5.2.0, =3.1.0, =7.2.2, =39.1.0, =9.3.0, =0.1.0a1, =1.0.0, =0.2.1, =0.2.2 - django-handy-admin =0.0.0 and more Source cves: CVE-2023-31047 Source advisory: OSV:GHSA-R3XC-PRGR-MG9P...

9.8CVSS6.8AI score0.0138EPSS

NVD•added 2023/04/11 3:15 a.m.•17 views

CVE-2023-24527

5.3CVSS5.4AI score0.00452EPSS