571 matches found
CVE-2026-13368
WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...
CVE-2026-13368
WatchGuard Fireware OS contains a race condition that leads to a use-after-free in LDAP authentication for Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this to execute arbitrary code in the iked process on Fireboxes configured to use an external LDAP authentication ...
CVE-2026-13368
WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...
MAL-2026-6529 Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbe41ed7d4257171c43c1047d7fde036575b57305b26d18cec61d1f1a20d33b1 The package ships a binding.gyp at the package root containing GYP command-expansion syntax !... in its sources/targets configuration binding.gyp lin...
MAL-2026-6528 Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e447b204a3dbe39ad2390ad721dfc14f32b64e2c27d8b4efaf99a27e9cde7b92 The package ships a binding.gyp at the tarball root that contains GYP command-expansion syntax !... / !@... in its sources/targets configuration...
Incorrect Implementation of Authentication Algorithm
Overview org.springframework.ldap:spring-ldap-core is a maven plugin for LDAP for Sping. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via LDAP authentication handling in DirContextAuthenticationStrategy implementations. An attacker can...
CVE-2026-39455
When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not evaluat...
CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
Debian dla-4611 : keystone - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4611 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4611-1 [email protected]...
CVE-2026-46745
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...
F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000160874)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160874 advisory. When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP...
CVE-2026-44551
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...
CVE-2026-44551 Open WebUI: LDAP Empty Password Authentication Bypass
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...
CVE-2026-44551
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...
CVE-2026-44304
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-39455
When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...
K000160874: BIG-IP Configuration utility vulnerability CVE-2026-39455
Security Advisory Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. CVE-2026-39455 Impact The Configuration utility stops...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017774)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017774 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 8.0.21 and prior. Easily...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017776)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017776 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.2...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017775)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017775 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and 8.0.2...