Lucene search
K

320 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/30 1:2 p.m.5 views

CVE-2026-1498

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...

7CVSS5.9AI score0.0068EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2026/01/27 5:38 a.m.7 views

[SECURITY] Fedora 43 Update: bind-dyndb-ldap-11.11-10.fc43

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

7.5CVSS6.1AI score0.08219EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: samba (CVE-2023-0614)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0614 advisory. - The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters...

7.7CVSS5.7AI score0.02195EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/14 6:22 p.m.1 views

CVE-2026-20812

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network...

6.5CVSS6.9AI score0.01116EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 6:16 p.m.1 views

CVE-2026-20812

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network...

6.5CVSS5.8AI score0.01116EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/01/13 4:0 p.m.4 views

LDAP Tampering Vulnerability

Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network...

6.5CVSS6.9AI score0.01116EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/01/08 10:7 a.m.4 views

CVE-2025-14017

When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

6.3CVSS6.5AI score0.00106EPSS
Exploits0
OSV
OSV
added 2026/01/08 2:15 a.m.5 views

DEBIAN-CVE-2026-21880

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...

5.3CVSS5.5AI score0.00352EPSS
Exploits2References1
OSV
OSV
added 2026/01/08 12:59 a.m.4 views

CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...

5.3CVSS6.8AI score0.00352EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2026/01/08 12:59 a.m.2 views

CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...

5.3CVSS6.7AI score0.00352EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51916

Name of the Vulnerable Software and Affected Versions Homarr versions prior to 1.45.3 Description A flaw exists in Homarr dashboard that, before version 1.45.3, could allow privilege escalation and access to other users' groups. This is due to insufficient input sanitization within the LDAP searc...

7.5CVSS6.7AI score0.00258EPSS
Exploits0References4
Veracode
Veracode
added 2025/12/13 4:42 a.m.6 views

Information Exposure

Liferay Portal is vulnerable to information exposure. The vulnerability is due to improper logging in the LDAP import feature, which allows a local attacker to view user email addresses stored in application log files...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.4 views

PT-2025-48039

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the Keycloak LDAP User Federation provider that allows an authenticated realm administrator to trigger deserialization of untrusted Java objects. This is achieved through a...

5.5CVSS6.3AI score0.00399EPSS
Exploits0References20
EUVD
EUVD
added 2025/11/21 3:31 p.m.7 views

EUVD-2025-198491

Vault’s Terraform Provider incorrectly set default denynullbind parameter for LDAP auth method to false by default...

7.4CVSS6.4AI score0.00492EPSS
Exploits0References5
OSV
OSV
added 2025/11/21 3:31 p.m.7 views

GHSA-GMM6-J2G5-R52M Vault’s Terraform Provider incorrectly set default deny_null_bind parameter for LDAP auth method to false by default

Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

7.4CVSS7AI score0.00492EPSS
Exploits0References7
CVE
CVE
added 2025/11/21 3:2 p.m.50 views

CVE-2025-13357

Vault’s Terraform Provider has a vulnerability (CVE-2025-13357) where the default deny_null_bind parameter for the LDAP authentication method was set to false, potentially allowing anonymous/unauthenticated binds and authentication bypass. Concrete details across sources indicate this affects the...

9.8CVSS6.7AI score0.00492EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/11/14 12:39 p.m.2 views

OESA-2025-2683 python-ldap security update

python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...

6.9CVSS6.9AI score0.00301EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/11/13 3:30 p.m.7 views

pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification

pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...

7.5CVSS7.1AI score0.00181EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.4 views

HP LaserJet Pro 安全漏洞

HP LaserJet Pro is a line of laser printers and MFPs from Hewlett-Packard HP in the United States. A security vulnerability exists in HP LaserJet Pro that originates from a modification of the scanning send destination address or LDAP server could lead to information disclosure and credential...

6.9CVSS6.2AI score0.0027EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.5 views

CVE-2025-34280

Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in...

8.6CVSS8AI score0.01302EPSS
Exploits0References1
Rows per page
Query Builder