Lucene search
+L

381 matches found

cvelist
cvelist
added 2026/03/10 9:41 p.m.29 views

CVE-2026-31828 Parse Server has an LDAP injection via unsanitized user input in DN and group filter construction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN an...

6CVSS0.00423EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/10 9:41 p.m.4 views

CVE-2026-31828 Parse Server has an LDAP injection via unsanitized user input in DN and group filter construction

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN an...

6CVSS5.8AI score0.00423EPSS
Exploits0References3
cve
cve
added 2026/03/10 9:41 p.m.15 views

CVE-2026-31828

CVE-2026-31828 affects Parse Server deployments using the LDAP authentication adapter with group-based access control. User input in authData.id is interpolated directly into LDAP DNs and group search filters without escaping, enabling an attacker with valid LDAP credentials to manipulate the bin...

8.8CVSS5.8AI score0.00423EPSS
Exploits0References3Affected Software1
astralinux
astralinux
added 2026/03/03 9:29 a.m.5 views

Astra Linux – Vulnerability in the 389-DS-base

A flaw was discovered in the 389-ds-base LDAP Server. This issue occurs when performing an Modify DN LDAP operation via the ldap protocol, if the function’s return value is not checked and a NULL pointer is dereferenced. If a privileged user performs an ldap MODDN operation after a failed...

4.9CVSS6.1AI score0.00553EPSS
Exploits0References3
nvd
nvd
added 2026/02/21 7:16 a.m.23 views

CVE-2026-27452

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

9.2CVSS0.0026EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/21 6:50 a.m.8 views

CVE-2026-27452

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

9.2CVSS5.4AI score0.0026EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2026/02/16 12:0 a.m.2 views

Fedora 42 : p11-kit (2026-7982f70f74)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7982f70f74 advisory. Notable changes from the rebase: pkcs11: Update PKCS11 headers to version 3.2 rpc: fix NULL dereference via CDeriveKey with specific NULL parameters...

7.5CVSS5.8AI score0.0116EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/07 9:56 p.m.5 views

CVE-2026-25560

WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication...

8.7CVSS5.4AI score0.00654EPSS
Exploits0References4
nessus
nessus
added 2026/02/02 12:0 a.m.8 views

EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-1209)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse...

7.5CVSS5.6AI score0.00626EPSS
Exploits0References4
nessus
nessus
added 2026/01/31 12:0 a.m.6 views

EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2026-1118)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of...

8.2CVSS5.8AI score0.01245EPSS
Exploits0References5
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : 389-ds:1.4 bug fix and enhancement update (AXSA:2021-2281:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2281:02 advisory. An update for the 389-ds:1.4 module is now available. CVE-2020-35518 When binding against a DN during authentication, the reply from 389-ds-base will be...

5.3CVSS5.7AI score0.01538EPSS
Exploits0References2
nvd
nvd
added 2025/11/26 11:15 p.m.10 views

CVE-2025-66031

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...

8.7CVSS0.00381EPSS
Exploits0References2
euvd
euvd
added 2025/11/11 8:46 p.m.4 views

EUVD-2025-99759

Malicious code in distinguishedroadrunnerz3n npm...

6.6AI score
Exploits0
ossf
ossf
added 2025/11/11 8:46 p.m.5 views

Malicious code in distinguished_roadrunner_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef98458c4aee9e633911a6dec37fe72522cd0bc6729a2d673e0049a7a66b864a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
euvd
euvd
added 2025/11/11 8:11 p.m.2 views

EUVD-2025-105760

Malicious code in distinguishednewtz3n npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 7:44 a.m.4 views

EUVD-2025-77075

Malicious code in distinguishedlemur-appteadev npm...

6.6AI score
Exploits0
osv
osv
added 2025/11/11 7:44 a.m.3 views

MAL-2025-101659 Malicious code in distinguished_lemur-appteadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d0e50c82abdf38988aab6070d0f3140f1c344bb8504d91380c77b2403275e06c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
euvd
euvd
added 2025/11/11 7:38 a.m.6 views

EUVD-2025-77647

Malicious code in distinguishedlocustfuchsia-69 npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 7:26 a.m.1 views

EUVD-2025-82182

Malicious code in distinguishedclam0xrequest npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 7:16 a.m.3 views

EUVD-2025-70775

Malicious code in distinguishedbirdz3n npm...

6.6AI score
Exploits0
Rows per page
Query Builder