Lucene search
K

323 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.28 views

PT-2026-45528

Name of the Vulnerable Software and Affected Versions Nextcloud versions 1.3.6 through 8.3.x Description An improper check in the authentication process allows users provided by LDAP to continue authenticating via user OIDC even after they have been deleted. Recommendations Update to version 8.4....

8.8CVSS5.8AI score0.00193EPSS
Exploits0References5
OSV
OSV
added 2026/05/29 9:21 p.m.11 views

GHSA-HJJ4-HFJM-FMRJ Authelia Missing Username Canonicalization in Basic Auth (LDAP)

Impact CVSSv4 Baseline Score: Moderate 6.3 CVSSv4 Weighted Score: Low 2.9 The full CVSSv4 Vector for this vulnerability is:...

6.3CVSS5.9AI score0.00308EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 4:42 a.m.39 views

CVE-2026-9801 Keycloak: keycloak: denial of service via malformed ldap password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS0.00476EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/28 4:42 a.m.11 views

CVE-2026-9801

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.17 views

PT-2026-44194

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw allows a remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker who has compromis...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References11
NVD
NVD
added 2026/05/27 3:16 p.m.23 views

CVE-2026-48918

Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default...

6.6CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:13 p.m.31 views

CVE-2026-48918

Technical details about CVE-2026-48918 are not publicly available in the provided documents; monitor for updates from official advisories (e.g., Jenkins security notices) for new information.

6.6CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44012

Name of the Vulnerable Software and Affected Versions Jenkins Active Directory Plugin versions prior to 2.42 Description The plugin deserializes data from LDAP referrals without proper validation. Deserialization is the process of converting a data stream back into an object, which, when performe...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

Jenkins LDAP Plugin 安全漏洞

The Jenkins LDAP Plugin is an open-source Jenkins directory service authentication plugin developed by Jenkins. The Jenkins LDAP Plugin version 807.v7d7de30930cf and earlier versions have security vulnerabilities, which stem from adherence to LDAP references...

6.6CVSS5.8AI score0.00285EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.9 views

PT-2026-44009

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals...

5.8AI score0.00285EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Apache CXF 安全漏洞

Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There is a security vulnerability in Apache CXF, which stems from LDAP injection in the XKMS...

9.8CVSS5.8AI score0.0068EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-42755

Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.1 Apache CXF versions prior to 4.1.6 Apache CXF versions prior to 3.6.11 Description An LDAP injection issue exists in the LDAP Certificate repository of the XKMS server. This allows an attacker to retrieve...

9.8CVSS5.9AI score0.0068EPSS
Exploits0References16
EUVD
EUVD
added 2026/05/21 7:34 a.m.9 views

EUVD-2026-31227

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/21 7:34 a.m.15 views

CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS5.8AI score0.00245EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in the 389-DS-base

A flaw was discovered in 389-ds-base. A specially crafted LDAP query may potentially cause a failure on the directory server, resulting in a denial of service...

7.5CVSS6.9AI score0.01256EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 9:13 p.m.14 views

EUVD-2026-30492

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

7.5CVSS5.8AI score0.00479EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.9 views

CVE-2026-34339

Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally...

5.5CVSS5.8AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.10 views

EUVD-2026-29966

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.8AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.9 views

CVE-2026-39455 BIG-IP Configuration utility vulnerability

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.8AI score0.003EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.7 views

CVE-2026-39455

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.8AI score0.003EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder