
48 matches found

RedHat Linux
added 2026/05/06 5:58 p.m. · 7 views

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

6.9 CVSS · 5.8 AI score · 0.00022 EPSS
Exploits 0 · References 6
OSV
added 2026/04/22 2:16 p.m. · 1 views

UBUNTU-CVE-2026-33609

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees...

6.5 CVSS · 5.8 AI score · 0.00003 EPSS
Exploits 0 · References 3
RedhatCVE
added 2026/04/22 10:22 a.m. · 2 views

CVE-2026-31433

A flaw was found in the ksmbd module of the Linux kernel. A remote attacker can exploit this vulnerability by sending a specially crafted compound request, specifically a combination of QUERYDIRECTORY and QUERYINFO. Due to a missing validation check for the client-provided output buffer length, a...

8.8 CVSS · 5.9 AI score · 0.00043 EPSS
Exploits 0 · References 4
CNNVD
added 2026/04/22 12:0 a.m. · 4 views

PowerDNS Authoritative Server injection vulnerability

The PowerDNS Authoritative Server is a DNS server developed by the Dutch company PowerDNS. There is an injection vulnerability in the PowerDNS Authoritative Server, which stems from incomplete escape sequences in LDAP queries when 8bit-dns is enabled, allowing users to query internal domain...

6.5 CVSS · 5.8 AI score · 0.00003 EPSS
Exploits 0 · References 1
NVD
added 2026/03/20 12:16 a.m. · 2 views

CVE-2026-33289

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...

9.8 CVSS · 0.00122 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2026/03/19 11:9 p.m. · 3 views

CVE-2026-33289

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an LDAP Injection vulnerability exists in the SuiteCRM authentication flow. The application fails to properly sanitize user-supplied input before embedding i...

8.8 CVSS · 5.8 AI score · 0.00122 EPSS
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2025/12/18 9:34 p.m. · 2 views

CVE-2025-67493

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input that allowed privilege escalation and access to groups of other users due to missing sanitization of inputs in the LDAP search query. The vulnerability could impact all instances using LDAP...

9 CVSS · 7.2 AI score · 0.00071 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2010-0416

Malware in sbrugna...

5 CVSS · 6.1 AI score · 0.00435 EPSS
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-31128

Malicious code in bioql PyPI...

8.8 CVSS · 8.8 AI score · 0.00513 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-31130

Malicious code in bioql PyPI...

6.5 CVSS · 6.1 AI score · 0.00287 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:26 a.m. · 1 views

CVE-2023-27352

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue...

8.8 CVSS · 7.3 AI score · 0.00513 EPSS
Exploits 0 · References 1
OSV
added 2025/04/07 2:15 p.m. · 0 views

CVE-2025-27686

Dell Unisphere for PowerMax, versions prior to 10.2.0.9 and PowerMax versions prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this...

4.7 CVSS · 5.9 AI score
Exploits 0 · References 1
CNNVD
added 2025/04/07 12:0 a.m. · 1 views

Dell Unisphere and Dell PowerMax injection vulnerability

Dell Unisphere and Dell PowerMax are both products of Dell Inc. Dell Unisphere is a web-based management platform provided by Dell EMC for its storage systems, such as the Dell EMC Unity series. Dell PowerMax is an enterprise-class all-flash storage array. An injection vulnerability exists in Dell...

2.7 CVSS · 7.1 AI score · 0.00154 EPSS
Exploits 0 · References 2
RedHat Linux
added 2025/02/18 10:15 a.m. · 1 views

389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...

7.5 CVSS · 5.7 AI score · 0.00549 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/08/21 11:58 a.m. · 2 views

389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...

7.5 CVSS · 5.7 AI score · 0.00549 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/07/02 3:38 p.m. · 2 views

389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...

7.5 CVSS · 5.7 AI score · 0.00549 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/06/27 2:14 p.m. · 3 views

ca: token authentication bypass vulnerability

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...

7.5 CVSS · 5.8 AI score · 0.00047 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/06/11 7:53 p.m. · 2 views

389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...

7.5 CVSS · 5.7 AI score · 0.00549 EPSS
Exploits 0 · References 4
CNNVD
added 2024/05/28 12:0 a.m. · 1 views

389-ds-base security vulnerability

389-ds-base is a highly available, fully featured, reliable and secure LDAP server implementation. It handles many of the largest LDAP deployments in the world. A security vulnerability exists in the 389-ds-base ldap server that stems from a specially crafted LDAP query that could cause the...

7.5 CVSS · 6.7 AI score · 0.00549 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/01/08 12:0 a.m. · 1 views

PT-2024-12189 · Open Xchange Gmbh +2 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software name or versions are mentioned in the provided descriptions. Description: The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings, allowing access to content outside of the...

9.6 CVSS · 8.8 AI score · 0.00108 EPSS
Exploits 0 · References 13