241 matches found
EUVD-2026-41848
uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...
CVE-2026-13368
WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that...
PYSEC-2026-435 Open WebUI has an LDAP Empty Password Authentication Bypass
LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...
Astra Linux – Vulnerability in Samba
A vulnerability related to information leaks was discovered in Samba’s LDAP server. Due to missing access control checks, a authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store...
Vulnerabilities in Oracle Fusion Middleware products
Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...
CVE-2026-35563
It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid...
WatchGuard FireboxV LDAP Race Condition
WatchGuard FireboxV with firmware version 12.11.6 Build B728370 suffers from a race condition in rscryptosetupldapserver libpkicli.so that allows two concurrently-processed IKEv1 Aggressive Mode packets to trigger a double-free and use-after-Free on the global LDAP connection handle. The research...
CVE-2026-41720: Authentication Bypass with Empty Password in Spring LDAP
Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. RFC 4513 Section 5.1.2 defines this as an unauthenticated bind. On LDAP servers that permit such binds, an attacker with a valid usernam...
CVE-2026-44052
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...
Astra Linux – Vulnerability in curl
There is an improper authentication vulnerability in curl versions 7.33.0 through and including 7.82.0. This vulnerability may allow for the reuse of OAUTH2-authenticated connections without ensuring that the connection was authentically verified with the same credentials used for this transfer...
LDAP Injection
Overview mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Affected versions of this package are vulnerable to LDAP Injection through the Ldap authentication handler in mitmproxy/addons/proxyauth.py. An attacker can...
org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation in the account linking when LDAP authentication is enabled. An attacker can gain unauthorized access to another user's account, including administrative accounts, by setting their LDAP email attribute to match the...
MinIO 安全漏洞
MinIO is an open-source object storage server provided by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions prior to MinIO RELEASE.2026-03-17T21-25-16Z contained a security vulnerability. This...
PT-2025-47785
Name of the Vulnerable Software and Affected Versions Vault Terraform Provider versions prior to 5.5.0 Description The Vault Terraform Provider was configured with an insecure default setting for the LDAP auth method. Specifically, the deny null bind parameter defaulted to false, which could allo...
PT-2025-44500
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1.3 Description Nagios XI, under certain circumstances, reveals the server's Active Directory AD or Lightweight Directory Access Protocol LDAP authentication token to a user who is already authenticated. This...
Nagios Network Analyzer 安全漏洞
Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. A security vulnerability exists in Nagios Network Analyzer versions prior to 2024R2.0.1, which stems from improper cleanup of inputs to the LDAP certificate management feature and coul...
EUVD-2019-10155
Malware in sbrugna...
EUVD-2022-35406
Malicious code in bioql PyPI...
EUVD-2022-35349
Malicious code in bioql PyPI...