Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2026/05/14 9:13 p.m.48 views

CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

7.5CVSS0.00479EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/10 11:27 a.m.7 views

EUVD-2025-202412

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory LDAP login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data...

9.3CVSS6.2AI score0.00516EPSS
Exploits0References2
OSV
OSV
added 2019/08/15 5:15 p.m.3 views

UBUNTU-CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided...

9.8CVSS7.4AI score0.01749EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2013/02/11 6:4 p.m.7 views

JBoss: allows empty password to authenticate against LDAP

The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...

7.5CVSS5.9AI score0.02344EPSS
Exploits0References4
Rows per page
Query Builder