2 matches found
CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow
ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...
WordPress ProfilePress Plugin <= 4.14.4 is vulnerable to Cross Site Scripting (XSS)
Software ProfilePress Type Plugin Vulnerable versions = 4.14.4 Fixed in 4.15.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1570 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ebc427c2e4de Credits Arkadiusz Hydzik Required...