Lucene search
K

45 matches found

Nuclei
Nuclei
added 9 hours ago113 views

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS6.1AI score0.03304EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.6 views

CVE-2025-15552

Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6CVSS5.8AI score0.00109EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2025-208691

Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6CVSS5.8AI score0.00109EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2025-208693

Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6CVSS5.8AI score0.00107EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 10:46 a.m.4 views

CVE-2025-15554 Admin Passwords Cached by Browsers in Truesec LAPSWebUI

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...

6CVSS5.8AI score0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 10:46 a.m.3 views

CVE-2025-15554

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...

6CVSS5.8AI score0.00145EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 10:46 a.m.10 views

CVE-2025-15554

The CVE-2025-15554 issue affects Truesec’s LAPSWebUI prior to 2.4, where browser caching of LAPS passwords can enable local privilege escalation if an attacker has workstation access. The reports consistently describe the vulnerability as arising from how passwords are stored in the browser cache...

7.8CVSS5.8AI score0.00145EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/03/16 10:45 a.m.16 views

CVE-2025-15553

CVE-2025-15553 affects Truesec’s LAPSWebUI prior to version 2.4. The issue is a non-working logout function that can permit an attacker with workstation access to escalate privileges by disclosure of the local admin password. The vulnerability’s impact is described as privilege escalation with hi...

7.1CVSS5.8AI score0.00107EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/03/16 10:44 a.m.12 views

CVE-2025-15552

CVE-2025-15552 affects Truesec LAPSWebUI prior to version 2.4. The root cause is insufficient session expiration, which can allow a workstation-occupied attacker to escalate privileges by disclosure of the local admin password. The available connected sources corroborate a local-attack vector wit...

7.8CVSS5.8AI score0.00109EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25676

Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6CVSS5.8AI score0.00107EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 10:25 p.m.4 views

Malicious code in mitk-oni-laps (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 70bc013b814bb39527dadfbda3215f770d72caf832836687257e42d2a2027558 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:45 a.m.3 views

CVE-2024-37393

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS6AI score0.03304EPSS
Exploits2References1
Metasploit
Metasploit
added 2025/05/01 6:50 p.m.483 views

LDAP Password Disclosure

This module will gather passwords and password hashes from a target LDAP server via multiple techniques including Windows LAPS. For best results, run with SSL because some attributes are only readable over encrypted connections. Module Options msf use auxiliary/gather/ldappasswords msf...

5.5AI score
Exploits0
Microsoft KB
Microsoft KB
added 2024/08/13 7:0 a.m.387 views

July 9, 2024—KB5040437 (OS Build 20348.2582)

None None...

9.8CVSS6.8AI score0.84345EPSS
Exploits7
Microsoft KB
Microsoft KB
added 2024/08/13 7:0 a.m.567 views

July 9, 2024—KB5040430 (OS Build 17763.6054) - EXPIRED

None None...

9.8CVSS6.8AI score0.51097EPSS
Exploits0
NVD
NVD
added 2024/06/10 8:15 p.m.65 views

CVE-2024-37393

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS0.03304EPSS
Exploits2References3
CVE
CVE
added 2024/06/10 12:0 a.m.119 views

CVE-2024-37393

SecurEnvoy MFA has multiple LDAP injection vulnerabilities in versions before 9.4.514. The DESKTOP service at the /secserver HTTP endpoint validates input improperly, enabling unauthenticated remote attackers to exfiltrate Active Directory data (potentially including the cleartext ms-Mcs-AdmPwd u...

9.8CVSS7.7AI score0.03304EPSS
In wildExploits2References3Affected Software1
Microsoft KB
Microsoft KB
added 2024/02/20 8:0 a.m.354 views

November 14, 2023—KB5032196 (OS Build 17763.5122) - EXPIRED

None None...

9.8CVSS6.8AI score0.88196EPSS
Exploits13
Microsoft KB
Microsoft KB
added 2024/02/20 8:0 a.m.221 views

November 14, 2023—KB5032202 (OS Build 25398.531)

None None...

9.8CVSS6.8AI score0.88196EPSS
Exploits7
Microsoft KB
Microsoft KB
added 2024/02/20 8:0 a.m.200 views

November 14, 2023—KB5032198 (OS Build 20348.2113)

None None...

9.8CVSS6.8AI score0.88196EPSS
Exploits14
Rows per page
Query Builder