279 matches found
CVE-2026-12804
A flaw was found in lemonldap-ng. A remote attacker could exploit this vulnerability by manipulating the 'url' argument within the SAML Common Domain Cookie Endpoint. This manipulation results in an open redirect, potentially leading to users being redirected to arbitrary malicious websites...
Linux Distros Unpatched Vulnerability : CVE-2026-12804
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of...
UBUNTU-CVE-2026-12804
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is...
DEBIAN-CVE-2026-12804
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...
CVE-2026-12804
Affected software: lemonldap-ng up to 2.23.0. Vulnerable component/file: lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm within the SAML Common Domain Cookie Endpoint. Root cause: manipulation of the argument url causes an open redirect. Impact: enables remote exploitation; attack vector is ne...
CVE-2026-12804
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...
EUVD-2026-38190
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...
CVE-2026-12804 lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...
CVE-2026-12804
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...
[SECURITY] [DLA 4602-1] lemonldap-ng security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4602-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA May 28, 2026 https://wiki.debian.org/LTS -...
Debian dla-4602 : lemonldap-ng - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4602 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4602-1 [email protected]...
[SECURITY] Fedora 43 Update: lemonldap-ng-2.22.3-1.fc43
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
Fedora 42 : lemonldap-ng (2026-69743812a7)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-69743812a7 advisory. Update to 2.22.3 https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-22-3-is-out/ Tenable has extracted the preceding description block directly from t...
Fedora 43 : lemonldap-ng (2026-38914f4e04)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-38914f4e04 advisory. Update to 2.22.3 https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-22-3-is-out/ Tenable has extracted the preceding description block directly from t...
Fedora 44 : lemonldap-ng (2026-6c8dcaf023)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6c8dcaf023 advisory. Update to 2.22.3 https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-22-3-is-out/ Tenable has extracted the preceding description block directly from t...
CVE-2025-31510
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting XSS allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...
CVE-2025-31510
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting XSS allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...
UBUNTU-CVE-2025-31510
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting XSS allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...
CVE-2025-31510
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting XSS allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...
CVE-2025-31510
In LemonLDAP::NG prior to 2.21.0, the login page exposes a cross-site scripting (XSS) vulnerability via the tab parameter used with Choice authentication. A remote attacker could inject arbitrary script/HTML through this parameter. The issue is documented across multiple sources (NVD, OSV, Debian...