Lucene search
K

571 matches found

NVD
NVD
added 2026/07/03 12:16 a.m.10 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...

9.2CVSS0.00646EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:6 p.m.80 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition that leads to a use-after-free in LDAP authentication for Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this to execute arbitrary code in the iked process on Fireboxes configured to use an external LDAP authentication ...

9.2CVSS6.2AI score0.00646EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:6 p.m.10 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...

9.2CVSS6.2AI score0.00646EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/26 3:42 p.m.5 views

MAL-2026-6529 Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbe41ed7d4257171c43c1047d7fde036575b57305b26d18cec61d1f1a20d33b1 The package ships a binding.gyp at the package root containing GYP command-expansion syntax !... in its sources/targets configuration binding.gyp lin...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/06/26 3:42 p.m.8 views

MAL-2026-6528 Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e447b204a3dbe39ad2390ad721dfc14f32b64e2c27d8b4efaf99a27e9cde7b92 The package ships a binding.gyp at the tarball root that contains GYP command-expansion syntax !... / !@... in its sources/targets configuration...

6.5AI score
Exploits0References5
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Incorrect Implementation of Authentication Algorithm

Overview org.springframework.ldap:spring-ldap-core is a maven plugin for LDAP for Sping. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via LDAP authentication handling in DirContextAuthenticationStrategy implementations. An attacker can...

8.9CVSS5.5AI score0.00257EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-39455

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not evaluat...

8.7CVSS5.5AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 12:48 p.m.42 views

CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...

8.2CVSS0.00353EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.11 views

Debian dla-4611 : keystone - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4611 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4611-1 [email protected]...

8.8CVSS5.6AI score0.00446EPSS
Exploits6References16
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:41 a.m.8 views

CVE-2026-46745

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

5.8AI score0.00574EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.37 views

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000160874)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160874 advisory. When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP...

8.7CVSS5.8AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.12 views

CVE-2026-44551

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

9.1CVSS5.8AI score0.01461EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 7:59 p.m.9 views

CVE-2026-44551 Open WebUI: LDAP Empty Password Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

9.1CVSS5.8AI score0.01461EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:59 p.m.5 views

CVE-2026-44551

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

9.1CVSS5.8AI score0.01461EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.7 views

CVE-2026-44304

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

8.1CVSS5.8AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.6 views

CVE-2026-39455

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS0.003EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/05/13 12:25 p.m.13 views

K000160874: BIG-IP Configuration utility vulnerability CVE-2026-39455

Security Advisory Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. CVE-2026-39455 Impact The Configuration utility stops...

8.7CVSS5.7AI score0.003EPSS
Exploits0Affected Software11
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017774)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017774 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 8.0.21 and prior. Easily...

8CVSS6.9AI score0.01184EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017776)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017776 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.2...

6.8CVSS6.7AI score0.0178EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017775)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017775 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.2...

6.5CVSS5.8AI score0.01562EPSS
Exploits0References4
Rows per page
Query Builder