54 matches found
BIT-MINIO-2026-33419 MinIO: LDAP login brute-force via user enumeration and missing rate limit
MinIO is a high-performance object storage system. Prior to 2026.03.17, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration,...
EUVD-2026-5033
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...
Denial of Service (DoS)
Overview: pgadmin4 is a PostgreSQL Tools. Affected versions of this package are vulnerable to Denial of Service (DoS) via the username from the login form, which is inserted into the LDAP search filter without escaping. An attacker can cause the server and client to process excessive data by injecting...
EUVD-2010-0947
Malware in sbrugna...
EUVD-2011-1562
Malware in sbrugna...
EUVD-2012-3365
Malware in sbrugna...
EUVD-2020-26377
Malware in sbrugna...
EUVD-2023-41365
Malicious code in bioql PyPI...
Remote Code Execution (RCE)
org.apache.kafka:kafka is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation and unrestricted setting of the sasl.jaas.config property in Kafka Connect configurations, which allows an attacker to specify malicious LDAP login modules that trigger unsafe Java...
CVE-2025-27818
A possible security vulnerability has been identified in Apache Kafka. This requires access to alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...
CVE-2025-27818 Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration
A possible security vulnerability has been identified in Apache Kafka. This requires access to alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...
CVE-2024-8715
The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
CVE-2020-5130
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier...
CVE-2010-0922
Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300-11-02 allows attackers to cause a denial of service (LDAP login failure) via unknown vectors. NOTE: some of these details are obtained from third party information. NOTE: there may be no attacker role, and the issue may be...
CVE-2011-1561
The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldapauth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password...
CVE-2025-31947 Repeated LDAP login failures can lock an LDAP account
Mattermost versions 10.6.x = 10.6.1, 10.5.x = 10.5.2, 10.4.x = 10.4.4, 9.11.x = 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost...
WordPress ldap_login_password_and_role_manager plugin <= 1.0.12 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin ldap_login_password_and_role_manager (versions <= 1.0.12)...
PT-2025-4539 · Unknown · Ldap Login Password/Role Manager
Name of the Vulnerable Software and Affected Versions: ldap login password and role manager versions 1.0.12 and earlier. Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an...
WordPress plugin ldap_login_password_and_role_manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Simple LDAP Login Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Simple LDAP Login; Type: Plugin; Vulnerable versions: <= 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8715; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 7ab689130b50; Credits: vgo0; Required...