7 matches found

Veracode
added 2025/06/12 3:11 a.m. · 8 views

Remote Code Execution (RCE)

org.apache.kafka, kafka is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation and unrestricted setting of the sasl.jaas.config property in Kafka Connect configurations, which allows an attacker to specify malicious LDAP login modules that trigger unsafe Java...

CVSS 8.8 · AI score 8.9 · EPSS 0.00682
Exploits 0 · References 4 · Affected Software 2
ATTACKERKB
added 2025/06/10 8:15 a.m. · 3 views

CVE-2025-27818

A possible security vulnerability has been identified in Apache Kafka. This requires access to alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...

CVSS 8.8 · AI score 5.9 · EPSS 0.00682
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2021/01/29 12:0 a.m. · 7 views

Apache ActiveMQ Authorization Issues Vulnerability

Apache ActiveMQ is an open source messaging middleware from the Apache Foundation (United States) that supports Java messaging services, clustering, the Spring Framework and so on. An authorization issue vulnerability exists in the Apache ActiveMQ LDAP login module, which stems from an...

CVSS 7.5 · AI score 8 · EPSS 0.09941
Exploits 0 · References 1
RedHat Linux
added 2018/03/07 10:33 a.m. · 1 views

OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449)

It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class...

CVSS 4.3 · AI score 7.4 · EPSS 0.00478
Exploits 0 · References 4
RedHat Linux
added 2017/01/19 1:59 p.m. · 3 views

OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)

It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...

CVSS 5.8 · AI score 7.3 · EPSS 0.00381
Exploits 0 · References 4
Positive Technologies
added 2013/03/12 12:0 a.m. · 2 views

PT-2013-1816 · Red Hat · Red Hat Jboss Enterprise Application Platform +1

Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform (EAP) versions 4.3.0 CP10 through 6.0.1; JBoss Enterprise Web Platform (EWP) version 5.2.0. Description: The default configuration of the LdapLoginModule and LdapExtLoginModule modules allows remote attackers t...

CVSS 7.5 · AI score 5.8 · EPSS 0.00788
Exploits 0 · References 12
RedHat Linux
added 2013/02/04 11:20 p.m. · 1 views

JBoss: allows empty password to authenticate against LDAP

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password...

CVSS 7.5 · AI score 5.9 · EPSS 0.00788
Exploits 0 · References 4