Lucene search
K

1528 matches found

nuclei
nuclei
added 14 hours ago173 views

Hoverfly < 1.10.3 - Arbitrary File Read

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS6.2AI score0.55864EPSS
Exploits3References2
euvd
euvd
added 2026/07/06 8:12 a.m.6 views

EUVD-2026-41848

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
nvd
nvd
added 2026/07/03 12:16 a.m.10 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...

9.2CVSS0.00646EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.8 views

PT-2026-55327

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description A race condition leads to a use-after-free issue in LDAP...

9.2CVSS6.3AI score0.00646EPSS
Exploits0References13
osv
osv
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-435 Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

9.1CVSS6AI score0.01461EPSS
Exploits1References5
osv
osv
added 2026/06/19 12:1 a.m.7 views

RLSA-2026:26459 Important: 389-ds:1.4 security update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: 389-ds-base: unbounded LDAP controls count in...

7.5CVSS5.3AI score0.00815EPSS
Exploits0References2
ncsc
ncsc
added 2026/06/17 9:28 a.m.15 views

Vulnerabilities in Oracle Fusion Middleware products

Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...

10CVSS5.9AI score0.00565EPSS
Exploits0References1
redhat
redhat
added 2026/06/17 12:44 a.m.8 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.2AI score0.00815EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.17 views

PT-2026-49907

Name of the Vulnerable Software and Affected Versions Oracle Unified Directory versions 12.2.1.4.0 Oracle Unified Directory versions 14.1.2.1.0 Description An issue in the OUD Core component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via LDAP Lightweight...

9.8CVSS5.8AI score0.00518EPSS
Exploits0References5
osv
osv
added 2026/06/11 6:54 p.m.11 views

USN-8423-1 lwip vulnerabilities

It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-8597 It was...

10CVSS9.6AI score0.19431EPSS
Exploits4References5
redhatcve
redhatcve
added 2026/06/11 8:59 a.m.12 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.5AI score0.00182EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/06/11 12:0 a.m.16 views

WatchGuard FireboxV LDAP Race Condition

WatchGuard FireboxV with firmware version 12.11.6 Build B728370 suffers from a race condition in rscryptosetupldapserver libpkicli.so that allows two concurrently-processed IKEv1 Aggressive Mode packets to trigger a double-free and use-after-Free on the global LDAP connection handle. The research...

5.5AI score
Exploits0
cve
cve
added 2026/06/10 2:2 p.m.29 views

CVE-2026-45559

CVE-2026-45559 affects Roxy-WI web interface (versions ≤ 8.2.6.4). The vulnerability arises from get_ldap_email in app/modules/roxywi/user.py, where the LDAP search filter is built via string concatenation and the URL username parameter is used verbatim without input validation or LDAP escaping. ...

4.9CVSS5.5AI score0.00234EPSS
Exploits0References1
euvd
euvd
added 2026/06/10 12:26 a.m.11 views

EUVD-2026-35915

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

6.5CVSS5.5AI score0.00246EPSS
Exploits0References7
packetstormnews
packetstormnews
added 2026/06/10 12:0 a.m.9 views

A Robust Framework for Sybil Attack Detection in Vehicular Ad Hoc Networks

Sybil attacks create an illusion of traffic congestion by utilizing fake identities, which undermines the reliable and safe operation of vehicular ad hoc networks VANETs. Existing detection mechanisms struggle to effectively handle Sybil attacks as they are i susceptible to high false positive...

5.3AI score
Exploits0
spring
spring
added 2026/06/08 12:0 a.m.6 views

CVE-2026-41720: Authentication Bypass with Empty Password in Spring LDAP

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. RFC 4513 Section 5.1.2 defines this as an unauthenticated bind. On LDAP servers that permit such binds, an attacker with a valid usernam...

7.4CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software1
packetstormnews
packetstormnews
added 2026/06/07 12:0 a.m.25 views

NCMD: Benign-Anchored Feature Selection for Imbalanced Network Intrusion Detection

Feature selection is critical for network intrusion detection systems NIDS operating under high-dimensional, highly imbalanced traffic, as found in operational and defense networks. Traditional filter methods rank features using global statistics computed symmetrically across classes and thus fai...

5.5AI score
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:26 p.m.10 views

CVE-2026-48559

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS5.5AI score0.00171EPSS
Exploits1References1
fedora
fedora
added 2026/06/05 4:27 a.m.12 views

[SECURITY] Fedora 44 Update: transmission-4.1.2-1.fc44

Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end...

5.3CVSS5.8AI score0.00305EPSS
Exploits0
fedora
fedora
added 2026/06/05 4:10 a.m.12 views

[SECURITY] Fedora 43 Update: transmission-4.1.2-1.fc43

Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end...

5.3CVSS5.8AI score0.00305EPSS
Exploits0
Rows per page
Query Builder