320 matches found
CVE-2026-1498
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...
[SECURITY] Fedora 43 Update: bind-dyndb-ldap-11.11-10.fc43
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
Azure Linux 3.0 Security Update: samba (CVE-2023-0614)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0614 advisory. - The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters...
CVE-2026-20812
Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network...
CVE-2026-20812
Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network...
LDAP Tampering Vulnerability
Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network...
CVE-2025-14017
When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...
DEBIAN-CVE-2026-21880
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
PT-2025-51916
Name of the Vulnerable Software and Affected Versions Homarr versions prior to 1.45.3 Description A flaw exists in Homarr dashboard that, before version 1.45.3, could allow privilege escalation and access to other users' groups. This is due to insufficient input sanitization within the LDAP searc...
Information Exposure
Liferay Portal is vulnerable to information exposure. The vulnerability is due to improper logging in the LDAP import feature, which allows a local attacker to view user email addresses stored in application log files...
PT-2025-48039
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the Keycloak LDAP User Federation provider that allows an authenticated realm administrator to trigger deserialization of untrusted Java objects. This is achieved through a...
EUVD-2025-198491
Vault’s Terraform Provider incorrectly set default denynullbind parameter for LDAP auth method to false by default...
GHSA-GMM6-J2G5-R52M Vault’s Terraform Provider incorrectly set default deny_null_bind parameter for LDAP auth method to false by default
Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
CVE-2025-13357
Vault’s Terraform Provider has a vulnerability (CVE-2025-13357) where the default deny_null_bind parameter for the LDAP authentication method was set to false, potentially allowing anonymous/unauthenticated binds and authentication bypass. Concrete details across sources indicate this affects the...
OESA-2025-2683 python-ldap security update
python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...
pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...
HP LaserJet Pro 安全漏洞
HP LaserJet Pro is a line of laser printers and MFPs from Hewlett-Packard HP in the United States. A security vulnerability exists in HP LaserJet Pro that originates from a modification of the scanning send destination address or LDAP server could lead to information disclosure and credential...
CVE-2025-34280
Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in...