CVE-2026-45284 Nextcloud: Wrong condition in the User OIDC app's LdapService allowed deleted LDAP users to authenticate

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

CVE-2026-45284

Nextcloud vulnerability CVE-2026-45284 affects the User OIDC LdapService in the Nextcloud platform. From version 1.3.6 up to, but not including, 8.4.0, an improper check allowed LDAP-authenticated users who had been deleted to continue authenticating via OIDC. This could permit access to accounts...

CVE-2023-29484

In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password...

EUVD-2020-18807

Malware in sbrugna...

EUVD-2021-26246

Malware in sbrugna...

EUVD-2007-0720

Malware in sbrugna...

EUVD-2025-15150

Malicious code in bioql PyPI...

GO-2025-3692 Mattermost Fails to Lockout LDAP Users After Repeated Login Failures in github.com/mattermost/mattermost-server

Mattermost Fails to Lockout LDAP Users After Repeated Login Failures in github.com/mattermost/mattermost-server...

CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

RHEL 3 : libuser (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libuser creates LDAP users with a default password CVE-2011-0002 Note that Nessus has not tested for this issue but...

Default credentials

In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password...

Error "User not authorized for any operation" for ADM external LDAP users

External LDAP users can't login NetScaler ADM, receive error message:"User not authorized for any operation"...

GHSA-JP3M-VH3G-6GGP Liferay Portal and Liferay DXP fails to properly import users from LDAP

Security LDAP Implementation before 2.0.16 from Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP...

CVE-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVE-2021-39890

Removed by vendor...

Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure (2)

Fortify Software Security Center SSC 17.1017.2018.10 - Information Disclosure 2 Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691...

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)

Exploit for multiple platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium;...

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...

http-sap-netweaver-leak NSE Script

Detects SAP Netweaver Portal instances that allow anonymous access to the KM unit navigation page. This page leaks file names, ldap users, etc. SAP Netweaver Portal with the Knowledge Management Unit enable allows unauthenticated users to list file system directories through the URL...

EZSA-2018-005 Passwordless login for LDAP users

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users...