EUVD-2026-35140
Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users...
CVE-2026-48507
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...
CVE-2026-48507 Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...
CVE-2026-48507
Snipe-IT (IT asset/license management system) has a vulnerability affecting versions before 8.6.0. A non-admin user with only the granular users.edit permission can lock out admins by editing the activated flag (login eligibility) and the ldap_import flag (password reset requests). The issue is f...
PT-2026-47386
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.0 Description An issue in this IT asset and license management system allows a non-admin user with the users.edit permission to lock all administrators out of the instance. This is achieved by modifying the...
Snipe-IT Security Vulnerability
Snipe-IT is an open-source IT asset/license management system developed by Grokability. Versions of Snipe-IT prior to 8.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability for non-administrator users to have the "users.edit" permission, allowing them to...
CVE-2025-34270 Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password Not Obfuscated
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other...
Liferay Portal Vulnerable to Information Exposure Through a Log File Vulnerability in LDAP Import Feature
Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users t...
CVE-2025-62262
Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users t...
CVE-2025-62262
CVE-2025-62262 : Information exposure in Liferay Portal/DXP via a log-file vulnerability in the LDAP import feature. Affected: Liferay Portal 7.4.0–7.4.3.97, older unsupported Portal, Liferay DXP 2023.Q3.1–2023.Q3.4, and various 7.4/7.3 lines up to specified updates. Local users can view user ema...
EUVD-2009-4336
Malware in sbrugna...
EUVD-2023-42509
Malicious code in bioql PyPI...
CVE-2021-38266
The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign ...
Liferay Portal and Liferay DXP fails to properly import users from LDAP
Security LDAP Implementation before 2.0.16 from Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP...
PT-2022-10706 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.1 and earlier Liferay DXP versions 7.0 through 7.0 before fix pack 90 Liferay DXP versions 7.1 through 7.1 before fix pack 17 Liferay DXP versions 7.2 through 7.2 before fix pack 5 Description: The issue concerns t...
CVE-2009-4368
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication...