720 matches found
EUVD-2025-6692
Malicious code in bioql PyPI...
EUVD-2024-29943
Malicious code in bioql PyPI...
EUVD-2021-28172
Malicious code in bioql PyPI...
EUVD-2023-1523
Malicious code in bioql PyPI...
EUVD-2023-12909
Malicious code in bioql PyPI...
EUVD-2022-35812
Malicious code in bioql PyPI...
EUVD-2021-8278
Malicious code in bioql PyPI...
EUVD-2022-7591
Malicious code in bioql PyPI...
EUVD-2023-1599
Malicious code in bioql PyPI...
CVE-2025-27231
CVE-2025-27231 involves leakage of the LDAP Bind password in Zabbix deployments. According to connected advisories, the issue allows a Super Admin to exfiltrate the Bind password by altering the LDAP Host to a rogue server, even though the password cannot be read after saving under normal conditi...
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
...
RLSA-2025:4491 Moderate: 389-ds-base security update
389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: null pointer dereference leads to denial of service CVE-2025-2487 F...
Apache Kafka Deserialization of Untrusted Data vulnerability
A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...
Deserialization of Untrusted Data
Overview org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Deserialization of...
CVE-2023-32987
A cross-site request forgery CSRF vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials...
CVE-2021-3956
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller XCC firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active...
CVE-2021-37935
An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searchin...
CVE-2019-3640
Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity...
CVE-2019-5591
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server...
CVE-2018-13378
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code...