Lucene search
K

320 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Microsoft Lightweight Directory Access Protocol(LDAP) 代码问题漏洞

Microsoft Lightweight Directory Access Protocol LDAP is a directory service protocol developed by Microsoft Corporation. It operates at the layer above the TCP/IP stack. There are code-related vulnerabilities in the Microsoft Lightweight Directory Access Protocol LDAP. Attackers can exploit these...

5.5CVSS5.8AI score0.00292EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017651)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017651 advisory. A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LD...

7.5CVSS6.8AI score0.04328EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 11:39 p.m.4 views

GHSA-QCXQ-75WR-5CM8 ldap3_proto has LDAP Filter stack exhaustion

Impact LDAP queries are not validated for depth, which can cause the parser both PEG and ASN to exhaust the stack. This may cause a denial of service in applications that process queries. Workarounds N/A Resources Related to GHSA-r5fr-9gmv-jggh...

8.7CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/06 11:39 p.m.16 views

ldap3_proto has LDAP Filter stack exhaustion

Impact LDAP queries are not validated for depth, which can cause the parser both PEG and ASN to exhaust the stack. This may cause a denial of service in applications that process queries. Workarounds N/A Resources Related to GHSA-r5fr-9gmv-jggh...

5.8AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/06 6:48 p.m.7 views

Improper Certificate Validation

Overview lemur is a Certificate management and orchestration service Affected versions of this package are vulnerable to Improper Certificate Validation in the ldap process. An attacker can intercept authentication credentials and modify LDAP responses by performing a man-in-the-middle attack...

7.6CVSS5.8AI score0.00094EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/06 5:59 p.m.5 views

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/05 3:47 a.m.4 views

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/22 2:0 p.m.4 views

CVE-2026-33609

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees...

5.3CVSS5.8AI score0.00242EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/21 9:16 p.m.6 views

CVE-2026-34294

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Microsoft Active Directory. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Orac...

5.9CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/17 6:31 p.m.10 views

EUVD-2026-22849

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.84...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 3:36 p.m.4 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection in the LdapProfileService class, which accepts ID-based search parameters in multiple methods. A privileged attacker can execute unauthorized LDAP queries and perform arbitrary directory operations. Remediation Upgrade...

8.8CVSS5.9AI score0.00608EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/17 3:31 p.m.4 views

EUVD-2026-23423

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10...

8.7CVSS5.9AI score0.00608EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/17 12:6 p.m.9 views

SUSE CVE-2026-0636

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...

5.3CVSS5.8AI score0.00527EPSS
Exploits0References5
NVD
NVD
added 2026/04/15 10:16 a.m.7 views

CVE-2026-0636

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...

6.9CVSS0.00527EPSS
Exploits0References15
Snyk
Snyk
added 2026/04/15 10:16 a.m.11 views

LDAP Injection

Overview org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 6:30 p.m.4 views

EUVD-2026-22323

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2,...

4.1CVSS5.8AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 3:38 p.m.24 views

CVE-2026-22574

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2,...

4.1CVSS0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-33226

Name of the Vulnerable Software and Affected Versions mitmproxy versions prior to 12.2.2 Description The builtin LDAP proxy authentication fails to correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. This issue only affects...

4.8CVSS5.2AI score0.00166EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/04/13 7:22 p.m.7 views

Maddy Mail Server has an LDAP Filter Injection via Unsanitized Username

Summary The auth.ldap module constructs LDAP search filters and DN strings by directly interpolating user-supplied usernames via strings.ReplaceAll without any LDAP filter escaping. An attacker who can reach the SMTP submission AUTH PLAIN or IMAP LOGIN interface can inject arbitrary LDAP filter...

8.2CVSS6AI score0.00419EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/04/09 2:34 p.m.17 views

CVE-2026-34578 OPNsense has an LDAP Injection via Unsanitized Username in Authentication

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldapescape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...

8.2CVSS0.00415EPSS
Exploits1References2
Rows per page
Query Builder