Lucene search
K

334 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is...

9.1CVSS6AI score0.00494EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 9:42 p.m.5 views

GHSA-6MWX-4547-5VC9 OpenBao: LDAPi ldaputil (wrong escape func)

Description Component sdk/helper/ldaputil/client.go — the shared LDAP utility library used by both the LDAP authentication backend and OpenLDAP secrets engine to construct LDAP search filters and bind DNs. Root Cause The LDAP utility contains a function selection error that causes incorrect...

6.8CVSS6.1AI score
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in slapi-nis

A flaw was discovered in slapi-nis in versions prior to 0.56.7. A NULL pointer dereferencing during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The greatest threat from this vulnerability is to system availability...

7.5CVSS7.1AI score0.01701EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in OpenLDAP

A flaw was discovered in OpenLDAP before version 2.4.57. This flaw led to an assertion failure in slapd during the X.509 DN parsing in the decode.c file, specifically at the bernextelement function. This caused a denial of service...

7.5CVSS6.9AI score0.1229EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/17 6:35 p.m.6 views

LDAP Injection

Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to LDAP Injection in the DefaultLdapRealm class. An attacker can bypass...

9.1CVSS5.9AI score0.00494EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.16 views

CVE-2026-47838

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

8.1CVSS5.4AI score0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:50 p.m.7 views

CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

6.8CVSS5.4AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:50 p.m.77 views

CVE-2026-47838

Spring Security CVE-2026-47838 involves the SubjectDnX509PrincipalExtractor and malformed X.509 CN values, causing the extracted username to be read incorrectly and potentially allowing an attacker to impersonate another user. Affected versions include Spring Security 5.7.0–5.7.24; 5.8.0–5.8.26; ...

8.1CVSS5.5AI score0.00116EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 11:50 p.m.41 views

CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

6.8CVSS0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 9:36 a.m.19 views

CVE-2026-41919 Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00454EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:36 a.m.41 views

CVE-2026-41919 Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Improper Neutralization of Special Elements used in an LDAP Query 'LDAP Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.00454EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/07 12:9 a.m.10 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to ineffective hostname verification in the TLS certificate validation. An attacker can bypass expected hostname checks by presenting a certificate signed by the trusted certificate authority but with...

2.2CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.6 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

6.1CVSS5.2AI score0.00362EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/15 10:16 a.m.6 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/15 10:16 a.m.9 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

7.3CVSS5.7AI score0.00527EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/28 12:0 a.m.9 views

Security update for python-ldap (moderate)

openSUSE security update: security update for python-ldap ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20421-1 Rating: moderate References: bsc1251912 bsc1251913 Cross-References: CVE-2025-61911 CVE-2025-61912 CVSS scores: CVE-2025-61911 SUSE : 6...

6.9CVSS6.5AI score0.00418EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/03/25 9:31 p.m.5 views

CVE-2026-33248

A flaw was found in NATS-Server, a high-performance messaging system. When configured to use mutual Transport Layer Security mTLS for client identity, and specifically the verifyandmap feature, certain patterns within a client certificate's Subject Distinguished Name DN were not correctly enforce...

4.8CVSS5.6AI score0.00143EPSS
Exploits0References5
CVE
CVE
added 2026/03/25 8:18 p.m.9 views

CVE-2026-33248

NATS-Server has an authentication bypass vulnerability in mTLS verify_and_map where certain RDN patterns in the client certificate Subject DN were not correctly enforced. A valid certificate from a trusted CA could bypass identity checks on versions prior to 2.11.15 and 2.12.6. The issue is consi...

4.2CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 8:18 p.m.2 views

CVE-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS5.8AI score0.00143EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/03/25 8:18 p.m.6 views

CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS5.8AI score0.00143EPSS
Exploits0
Rows per page
Query Builder