Lucene search
K

10798 matches found

IBM Security Bulletins
IBM Security Bulletins
added 1 hour ago4 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...

9.9CVSS6.7AI score0.00691EPSS
Exploits0Affected Software1
Nuclei
Nuclei
added 14 hours ago79 views

TeamPass 2.1.27.36 - Improper Authentication

TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-12478 info...

7.5CVSS6.7AI score0.08621EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago113 views

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS6.1AI score0.03304EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago48 views

Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. id:...

7.5CVSS7AI score0.25855EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago63 views

LDAP Injection In OpenAM

OpenAM contains an LDAP injection vulnerability. When a user tries to reset his password, they are asked to enter username, and then the backend validates whether the user exists or not through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration ca...

7.5CVSS7AI score0.76385EPSS
Exploits5References5
Nuclei
Nuclei
added 14 hours ago113 views

Cobbler - Authentication Bypass

Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API /cobblerapi that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting...

9.8CVSS7AI score0.12484EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday45 views

Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion

A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. dot dot in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP...

5CVSS7.3AI score0.86196EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday30 views

VMware vCenter Server LDAP Broken Access Control

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller PSC, does not correctly implement access controls. id: CVE-2020-3952 info: name: VMware vCenter Server LDAP Broken Access Control author: 0xAkoko severity: critic...

9.8CVSS7AI score0.90384EPSS
Exploits20References3
Nuclei
Nuclei
added yesterday45 views

Alerta < 8.1.0 - Authentication Bypass

Alerta prior to version 8.1.0 is prone to authentication bypass when using LDAP as an authorization provider and the LDAP server accepts Unauthenticated Bind requests. id: CVE-2020-26214 info: name: Alerta 8.1.0 - Authentication Bypass author: CasperGN,daffainfo severity: critical description:...

9.8CVSS7AI score0.65933EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago33 views

Jenkins CLI - HTTP Java Deserialization

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. id: CVE-2016-9299 info: name: Jenkins CLI - HTTP Java Deserialization author:...

9.8CVSS7.3AI score0.96943EPSS
Exploits5References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42925

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/usersldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed ...

5.3CVSS5.6AI score0.00203EPSS
Exploits0References5
CVE
CVE
added 4 days ago7 views

CVE-2026-15375

CVE-2026-15375 affects Eleveo Call Recording Software 9.7.0, targeting the LDAP User Interface component via the file /callrec/users_ldap.jsp. The issue is described as improper authorization, with remote initiation possible and public exploit disclosure. The record notes that the vendor was cont...

5.3CVSS5.6AI score0.00203EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-15375 Eleveo Call Recording Software LDAP User users_ldap.jsp improper authorization

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/usersldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed ...

5.3CVSS0.00203EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago5 views

apache-cxf: org.apache.cxf.services.xkms/cxf-services-xkms-x509-repo-ldap: Apache CXF: Information Disclosure via LDAP Injection

A flaw was found in Apache CXF. A remote attacker could exploit an LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server. This vulnerability allows the attacker to retrieve arbitrary certificates from the repository, leading to information disclosure...

9.8CVSS7.3AI score0.00722EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago8 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1.P1 for Spring Boot release.

Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.4AI score0.00969EPSS
Exploits6References33
NVD
NVD
added 5 days ago9 views

CVE-2026-4256

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: through 30042026...

8.2CVSS0.00213EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago13 views

EUVD-2026-42586

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: through 30042026...

8.2CVSS5.9AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-4256 LDAP Injection in PEAKUP's PassGate

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection. This issue affects PassGate: through 30042026...

8.2CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59269 Privilege Escalation via Active Directory LDAP injection in Pinniped Supervisor can be executed by an attacker who can edit LDAP Group DN entries

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...

3.8CVSS0.0017EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42518

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS6AI score0.00132EPSS
Exploits0References1
Rows per page
Query Builder