232 matches found
EUVD-2026-38768
Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...
PT-2026-49390
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
CVE-2026-48919
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...
CVE-2026-48918
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...
CVE-2026-48919
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation...
CVE-2026-48918
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...
CVE-2026-48919
CVE-2026-48919 affects Jenkins’ Active Directory Plugin (2.41 and earlier). The root cause is that the plugin deserializes data from LDAP referrals without validation. This leads to potential impact on confidentiality, integrity, and availability (CVSS v3.1 base score 6.6, MEDIUM). The exploitati...
CVE-2026-48916
The CVE-2026-48916 entry concerns Jenkins LDAP Plugin up to version 807.v7d7de30930cf and earlier, which follows LDAP referrals. The available connected documents identify the affected component (Jenkins LDAP Plugin) and the specific version range, with CVSSv3.1 vectors indicating Network attack,...
PT-2026-44011
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...
CVE-2026-3178
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'namedirectoryname' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-3178
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'namedirectoryname' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-3178
The CVE concerns the WordPress Name Directory plugin (affected: all versions up to 1.32.1) and a Stored XSS via the name_directory_name parameter. The vulnerability stems from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject scripts into pages that...
CVE-2026-2576
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-1656
The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles, content, and email...
CVE-2026-1656 Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification
The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles, content, and email...
CVE-2026-1656
CVE-2026-1656 concerns the WordPress Business Directory Plugin (versions up to and including 6.4.20). The root cause is a missing authorization check in the wpbdp_ajax action, enabling unauthenticated attackers to bypass controls and modify arbitrary listings (titles, content, email addresses) by...
CVE-2026-1656
The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles, content, and email...
CVE-2026-2576 Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-2576
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-2576 Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...