381 matches found
CVE-2026-31828 Parse Server has an LDAP injection via unsanitized user input in DN and group filter construction
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN an...
CVE-2026-31828 Parse Server has an LDAP injection via unsanitized user input in DN and group filter construction
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN an...
CVE-2026-31828
CVE-2026-31828 affects Parse Server deployments using the LDAP authentication adapter with group-based access control. User input in authData.id is interpolated directly into LDAP DNs and group search filters without escaping, enabling an attacker with valid LDAP credentials to manipulate the bin...
Astra Linux – Vulnerability in the 389-DS-base
A flaw was discovered in the 389-ds-base LDAP Server. This issue occurs when performing an Modify DN LDAP operation via the ldap protocol, if the function’s return value is not checked and a NULL pointer is dereferenced. If a privileged user performs an ldap MODDN operation after a failed...
CVE-2026-27452
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...
CVE-2026-27452
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...
Fedora 42 : p11-kit (2026-7982f70f74)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7982f70f74 advisory. Notable changes from the rebase: pkcs11: Update PKCS11 headers to version 3.2 rpc: fix NULL dereference via CDeriveKey with specific NULL parameters...
CVE-2026-25560
WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...
EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-1209)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse...
EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2026-1118)
According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of...
MiracleLinux 8 : 389-ds:1.4 bug fix and enhancement update (AXSA:2021-2281:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2281:02 advisory. An update for the 389-ds:1.4 module is now available. CVE-2020-35518 When binding against a DN during authentication, the reply from 389-ds-base will be...
CVE-2025-66031
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...
EUVD-2025-99759
Malicious code in distinguishedroadrunnerz3n npm...
Malicious code in distinguished_roadrunner_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef98458c4aee9e633911a6dec37fe72522cd0bc6729a2d673e0049a7a66b864a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-105760
Malicious code in distinguishednewtz3n npm...
EUVD-2025-77075
Malicious code in distinguishedlemur-appteadev npm...
MAL-2025-101659 Malicious code in distinguished_lemur-appteadev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0e50c82abdf38988aab6070d0f3140f1c344bb8504d91380c77b2403275e06c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-77647
Malicious code in distinguishedlocustfuchsia-69 npm...
EUVD-2025-82182
Malicious code in distinguishedclam0xrequest npm...
EUVD-2025-70775
Malicious code in distinguishedbirdz3n npm...