Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

CVE-2025-67719

Summary: CVE-2025-67719 affects Ibexa’s User Bundle in the Ibexa DXP. Versions 5.0.0-beta1–5.0.3 lack proper password-change validation due to an error introduced during the v4→v5 transition, allowing a logged-in attacker with an unattended session to change a user’s password without knowing the ...

CVE-2025-67719 Ibexa User Bundle is missing password change validation

Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

Nextcloud Access Control Error Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. An access control error vulnerability exists in Nextcloud Server that stems from a lack of password validation...