WebADM LDAP Environment Audit / Data Extraction Engine

This is an authenticated assessment and auditing utility designed to collect and process directory information from a WebADM deployment using available application functionality, rather than a vulnerability proof-of-concept...

EUVD-2026-31669

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

CVE-2026-46745

The CVE-2026-46745 issue affects the Apache Airflow FAB provider’s FAB Auth Manager, specifically an LDAP filter injection in the _search_ldap path reachable via /auth/token. The vulnerability arises from insufficient input sanitization in LDAP filters, enabling unauthenticated attackers to exfil...

PT-2026-43033

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-fab versions prior to 3.6.4 Description Apache Airflow FAB Auth Manager is subject to an LDAP filter injection, which occurs when user-supplied input is improperly sanitized before being used in an LDAP filter. This...

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow FAB Auth Manager,...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: xfs: Do not wander off the end of a directory data block This fix adds sanity checks for xfsdir2dataunused and xfsdir2dataentry to ensure that they do not exceed the valid memory region. Before the patch, the loop simply checked...

CVE-2026-44599

A flaw was found in Tor. This vulnerability allows a remote attacker to manipulate directory information by attempting or accepting specific BEGINDIR messages through an internal mechanism known as conflux legs. This could result in a low integrity impact, where the accuracy or trustworthiness of...

Malicious code in briantreehttp (npm)

briantreehttp is a typosquatting package impersonating braintreehttp, the HTTP client library published by Braintree/PayPal. The package bundles the legitimate library source to appear functional while hiding a credential-theft payload in index1.js, which is executed at install time via the...

CVE-2024-56464

IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update...

PT-2025-49848

CVE-2024-56464 IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulne… https://t.co/A3Hmcaxcos...

CVE-2025-13414 Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...

Restaurant Brands International assistant platform multiple vulnerabilities

RISK EVALUATION Restaurant Brands International assistant platform is used to manage restaurants owned by RBI. Multiple vulnerabilities were found in the assistant platform. The most severe vulnerabilities chained together could allow a remote, unauthenticated attacker to create an account and...

xfs: don't walk off the end of a directory data block

...

Linux Distros Unpatched Vulnerability : CVE-2016-9772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the 1 client cache partition, 2 fileserver vi...

CVE-2023-37516

Missing "no cache" headers in HCL Leap permits user directory information to be cached...

SUSE-SU-2025:20008-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41014: xfs: add bounds checking to xlogrecoverprocessdata bsc1228408. - CVE-2024-41013: xfs: do not walk off the end of a directory data block bsc1228405...

RockyLinux 9 : kernel (RLSA-2024:8617)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:8617 advisory. hw: cpu: intel: Native Branch History Injection BHI CVE-2024-2201 kernel: tcp: add sanity checks to rx zerocopy CVE-2024-26640 kernel: mptcp: fix data...

kernel: xfs: don&#39;t walk off the end of a directory data block

A vulnerability was found in the Linux kernel in the xfsdir2dataunused and xfsdir2dataentry functions where a lack of proper sanity checks while handling directory data blocks can lead to out-of-bounds memory access. This can result in undefined system behavior or crashes...

kernel: xfs: don&#39;t walk off the end of a directory data block

A vulnerability was found in the Linux kernel in the xfsdir2dataunused and xfsdir2dataentry functions where a lack of proper sanity checks while handling directory data blocks can lead to out-of-bounds memory access. This can result in undefined system behavior or crashes...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2896-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2896-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were...