CVE-2026-44052

CVE-2026-44052 affects Netatalk versions 2.1.0 through 4.4.2, where ldap simple-bind passwords are exposed in log output. The underlying issue is log exposure of LDAP credentials, enabling an attacker with log access to obtain credentials. The vulnerability is fixed in Netatalk 4.4.3. As per the ...

CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

Linux Distros Unpatched Vulnerability : CVE-2025-27231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate...

EUVD-2015-7412

Malware in sbrugna...

EUVD-2008-5400

Malware in sbrugna...

EUVD-2018-7616

Malware in sbrugna...

EUVD-2011-2212

Malware in sbrugna...

EUVD-2018-11874

Malware in sbrugna...

EUVD-2013-1965

Malware in sbrugna...

EUVD-2011-2048

Malware in sbrugna...

EUVD-2024-2624

Malicious code in bioql PyPI...

EUVD-2021-30329

Malicious code in bioql PyPI...

EUVD-2022-0407

Malicious code in bioql PyPI...

Akira Ransomware Group Utilizing SonicWall Devices for Initial Access

Latest update – September 18, 2025 On September 17, 2025, SonicWall disclosed a security breach affecting all SonicWall customers with MySonicWall.com cloud backups enabled. The firm detected suspicious activity targeting MySonicWall.com, through which threat actors were able to access backup...

CVE-2024-25655

Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allows members with read access to the application database to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP...

CVE-2021-43394

Unisys OS 2200 Messaging Integration Services NTSI 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated...

CVE-2018-15748

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.152335dn MFP 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of t...

CVE-2023-28857 LDAP password leak in Apereo CAS - GHSL-2023-009

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

CVE-2023-25495

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured...

[NetScaler] LDAP password can be changed with an incorrect Radius Passcode

Below is an example of common 2Factor authentication flow: Root factor: Start Login Schema XML = /nsconfig/loginschema/LoginSchema/DualAuth.xml Adv Authn Policy = LDAPPol Rule = true Action = LDAPAct Next Factor if Success = RadiusFactor Login Schema Profile = LSCHEMAINT Adv Authn Policy =...