Lucene search
K

241 matches found

EUVD
EUVD
added 15 hours ago5 views

EUVD-2026-41848

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score
Exploits0References2
NVD
NVD
added 3 days ago8 views

CVE-2026-13368

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...

9.2CVSS0.00588EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-435 Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

9.1CVSS6AI score0.01461EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Samba

A vulnerability related to information leaks was discovered in Samba’s LDAP server. Due to missing access control checks, a authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...

4.3CVSS6.2AI score0.01168EPSS
Exploits1References2
NCSC
NCSC
added 2026/06/17 9:28 a.m.12 views

Vulnerabilities in Oracle Fusion Middleware products

Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...

10CVSS5.9AI score0.00565EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...

8.8CVSS5.5AI score0.00182EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.13 views

WatchGuard FireboxV LDAP Race Condition

WatchGuard FireboxV with firmware version 12.11.6 Build B728370 suffers from a race condition in rscryptosetupldapserver libpkicli.so that allows two concurrently-processed IKEv1 Aggressive Mode packets to trigger a double-free and use-after-Free on the global LDAP connection handle. The research...

5.5AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.6 views

CVE-2026-41720: Authentication Bypass with Empty Password in Spring LDAP

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. RFC 4513 Section 5.1.2 defines this as an unauthenticated bind. On LDAP servers that permit such binds, an attacker with a valid usernam...

7.4CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/21 8:16 a.m.17 views

CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS0.00245EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in curl

There is an improper authentication vulnerability in curl versions 7.33.0 through and including 7.82.0. This vulnerability may allow for the reuse of OAUTH2-authenticated connections without ensuring that the connection was authentically verified with the same credentials used for this transfer...

8.1CVSS6.5AI score0.01914EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 1:8 a.m.6 views

LDAP Injection

Overview mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Affected versions of this package are vulnerable to LDAP Injection through the Ldap authentication handler in mitmproxy/addons/proxyauth.py. An attacker can...

8.3CVSS5.8AI score0.00166EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/03/30 11:0 a.m.9 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8CVSS6.9AI score0.00739EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/25 9:9 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation in the account linking when LDAP authentication is enabled. An attacker can gain unauthorized access to another user's account, including administrative accounts, by setting their LDAP email attribute to match the...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.12 views

MinIO 安全漏洞

MinIO is an open-source object storage server provided by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions prior to MinIO RELEASE.2026-03-17T21-25-16Z contained a security vulnerability. This...

9.1CVSS6.4AI score0.00394EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.7 views

PT-2025-47785

Name of the Vulnerable Software and Affected Versions Vault Terraform Provider versions prior to 5.5.0 Description The Vault Terraform Provider was configured with an insecure default setting for the LDAP auth method. Specifically, the deny null bind parameter defaulted to false, which could allo...

7.4CVSS6.8AI score0.00492EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.8 views

PT-2025-44500

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1.3 Description Nagios XI, under certain circumstances, reveals the server's Active Directory AD or Lightweight Directory Access Protocol LDAP authentication token to a user who is already authenticated. This...

9.8CVSS6.8AI score0.01794EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.4 views

Nagios Network Analyzer 安全漏洞

Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. A security vulnerability exists in Nagios Network Analyzer versions prior to 2024R2.0.1, which stems from improper cleanup of inputs to the LDAP certificate management feature and coul...

8.6CVSS7.7AI score0.01302EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-10155

Malware in sbrugna...

8.6CVSS8.2AI score0.02518EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-35406

Malicious code in bioql PyPI...

7.8CVSS8.1AI score0.01206EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-35349

Malicious code in bioql PyPI...

9.3CVSS8.7AI score0.02346EPSS
Exploits0References2
Rows per page
Query Builder