38 matches found

Vulnrichment
added 2026/05/21 7:34 a.m. · 1 views

CVE-2026-44052 LDAP simple-bind password exposure in log output

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5 CVSS · 5.8 AI score · 0.00041 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2026/04/14 12:0 a.m. · 2 views

PT-2026-32679

An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticated administrator to read LDAP server credentials via client-side inspection...

2.7 CVSS · 5.8 AI score · 0.00037 EPSS
Exploits: 0 · References: 4

CVE
added 2026/03/19 11:8 p.m. · 6 views

CVE-2026-33288

CVE-2026-33288 affects SuiteCRM, where an authenticated SQL injection exists in the authentication module when directory support is enabled. The root cause is improper sanitization of the user-provided username before using it in a local database query, allowing an attacker with valid, low-privil...

8.8 CVSS · 6.1 AI score · 0.00068 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

EUVD
added 2026/02/06 12:30 a.m. · 1 views

EUVD-2026-5525

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026; by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2 CVSS · 5.4 AI score · 0.00004 EPSS
Exploits: 0 · References: 3

CVE
added 2026/02/05 9:14 p.m. · 22 views

CVE-2026-25815

Fortinet FortiOS up to version 7.6.6 is affected: an issue in the LDAP credential encryption in device configuration files allows attackers to decrypt credentials due to a common encryption key used across all installations. The vulnerability has been observed as exploited in the wild (around 202...

3.2 CVSS · 5.4 AI score · 0.00004 EPSS
In wild · Exploits: 0 · References: 2

Vulnrichment
added 2026/02/05 9:14 p.m. · 3 views

CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026; by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...

3.2 CVSS · 5.6 AI score · 0.00004 EPSS
Exploits: 0 · References: 2

CVE
added 2026/02/05 11:38 a.m. · 6 views

CVE-2026-1966

CVE-2026-1966 affects YugabyteDB Anywhere. An authenticated user with access to the configuration view can see LDAP bind passwords configured via gflags in cleartext in the web UI, enabling potential unauthorized access to external directory services. The issue is described consistently across so...

2.4 CVSS · 5.4 AI score · 0.00008 EPSS
Exploits: 0 · References: 1

Cvelist
added 2026/02/05 11:38 a.m. · 24 views

CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

2.4 CVSS · 0.00008 EPSS
Exploits: 0 · References: 1

EUVD
added 2026/02/05 11:38 a.m. · 3 views

EUVD-2026-5553

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

2.4 CVSS · 5.4 AI score · 0.00008 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/11/17 6:23 a.m. · 1 views

CVE-2025-13164 Digiwin|EasyFlow GP - Insufficiently Protected Credentials

EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend...

6.9 CVSS · 6.6 AI score · 0.00048 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2020-6009

Malware in sbrugna...

9.8 CVSS · 9.2 AI score · 0.01041 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2016-3243

Malware in sbrugna...

5.5 CVSS · 5.4 AI score · 0.0004 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2010-0245

Malware in sbrugna...

5 CVSS · 6.2 AI score · 0.01475 EPSS
Exploits: 2 · References: 8

CNNVD
added 2025/02/19 12:0 a.m. · 1 views

Checkmk Security Vulnerability

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability exists in Checkmk versions prior to 2.3.0p27, prior to 2.2.0p40, and 2.1.0p51, which stems from LDAP credentials being written to an Apache error log file...

7.5 CVSS · 6.5 AI score · 0.00214 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/02/05 2:31 a.m. · 7 views

CVE-2024-42348

FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395...

9.3 CVSS · 9.1 AI score · 0.01198 EPSS
Exploits: 1 · References: 1

OSV
added 2024/06/21 3:52 p.m. · 1 views

GHSA-C25H-C27Q-5QPV Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

Impact: The LDAP testing endpoint allows changing the Connection URL independently of, and without having to re-enter, the currently configured LDAP bind credentials. An attacker with admin access permission manage-realm can change the LDAP host URL ("Connection URL") to a machine they control. The...

2.7 CVSS · 5.9 AI score · 0.00093 EPSS
Exploits: 0 · References: 9

Positive Technologies
added 2024/04/23 12:0 a.m. · 2 views

PT-2024-7256 · 1с · Bitrix24 +1

Name of the Vulnerable Software and Affected Versions: 1C-Bitrix Bitrix24 version 23.300.100 Description: The issue is related to insufficiently protected credentials in AD/LDAP server settings, allowing remote administrators to send AD/LDAP administrators' account passwords to an arbitrary serve...

6.8 CVSS · 7.7 AI score · 0.00146 EPSS
Exploits: 0 · References: 8

CNNVD
added 2023/08/03 12:0 a.m. · 1 views

GatesAir Flexiva FM Transmitter Security Vulnerability

GatesAir Flexiva FM Transmitter is an FM platform from GatesAir, Inc. A security vulnerability exists in the GatesAir Flexiva FM Transmitter/Exciter Fax 150W that could allow a remote attacker to gain privileges via LDAP and SMTP credentials...

9.8 CVSS · 7.3 AI score · 0.00579 EPSS
Exploits: 1 · References: 4

OSV
added 2022/11/15 2:15 a.m. · 0 views

CVE-2022-42132

The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, whic...

5.9 CVSS · 6.2 AI score · 0.00328 EPSS
Exploits: 0 · References: 3

CNNVD
added 2022/06/09 12:0 a.m. · 2 views

IGEL Universal Management Suite Security Vulnerability

The IGEL Universal Management Suite (IGEL UMS) is a single management solution from IGEL Germany. It can be used for up to tens of thousands of endpoints running IGEL OS. A security vulnerability exists in IGEL Universal Management Suite (UMS) version 6.07.100, which originates from the transmission ...

6.5 CVSS · 6.5 AI score · 0.00166 EPSS
Exploits: 1 · References: 3