
52 matches found

Positive Technologies
added 2026/06/01 12:00 a.m., 16 views

PT-2026-45280

Name of the Vulnerable Software and Affected Versions: Apache Directory LDAP API version 2.1.7. Description: The LDAP client implementation fails to verify if the server certificate matches the intended LDAP hostname. Although the certificate chain is validated against a trusted authority, the lack ...

CVSS 8.8, AI score 5.8, EPSS 0.00182
Exploits 0, References 4
CVE
added 2026/05/28 4:42 a.m., 38 views

CVE-2026-9801

CVE-2026-9801 affects Keycloak. A remote attacker with high privileges (e.g., a realm administrator configuring a malicious LDAP server or compromising an upstream LDAP server) can trigger an OutOfMemoryError by sending a malformed LDAP password policy response during authentication, causing the ...

CVSS 4.9, AI score 5.8, EPSS 0.00442
Exploits 0, References 4, Affected Software 1
NVD
added 2026/05/27 2:16 p.m., 10 views

CVE-2026-35090

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

CVSS 9.3, EPSS 0.00625
Exploits 0, References 1
CVE
added 2026/05/27 12:42 p.m., 13 views

CVE-2026-35090

CVE-2026-35090 describes an authentication bypass in Slican telephone exchanges, allowing an unauthenticated attacker to remotely manage the control panel by dialing a specific caller ID. The issue enables bypass of admin authentication and full access to the service protocol and configuration pa...

CVSS 9.3, AI score 5.9, EPSS 0.00625
Exploits 0, References 1
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in 389-ds-base

A flaw was discovered in RHDS 11 and RHDS 12. While browsing entries using LDAP, the system attempts to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where cockpit-389-ds is...

CVSS 5.5, AI score 6.1, EPSS 0.00188
Exploits 0, References 2
ATTACKERKB
added 2026/05/11 5:11 p.m., 4 views

CVE-2026-3048

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...

CVSS 5.1, AI score 5.8, EPSS 0.00257
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2026/05/11 12:00 a.m., 5 views

PT-2026-39650

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...

CVSS 5.1, AI score 5.8, EPSS 0.00257
Exploits 0, References 3
OSV
added 2026/05/06 6:48 p.m., 11 views

GHSA-VR7C-R5GJ-J3W5 Lemur: LDAP Authentication Globally Disables TLS Certificate Verification When LDAP_USE_TLS Is Enabled

Description / Overview: When LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the LDAP server to intercept all...

CVSS 6.8, AI score 5.9, EPSS 0.00094
Exploits 0, References 5
ATTACKERKB
added 2026/03/10 9:41 p.m., 2 views

CVE-2026-31828

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names (DN) an...

CVSS 6, AI score 5.8, EPSS 0.00423
Exploits 0, References 4, Affected Software 1
CNNVD
added 2026/01/24 12:00 a.m., 4 views

Salesforce Marketing Cloud Engagement security vulnerability

Salesforce Marketing Cloud Engagement is a digital marketing automation platform offered by the American company Salesforce. Versions of Salesforce Marketing Cloud Engagement prior to version 2026.1.21 contained security vulnerabilities, which were caused by improper parameter separators,...

CVSS 9.8, AI score 5.7, EPSS 0.00659
Exploits 0, References 2
Positive Technologies
added 2025/10/30 12:00 a.m., 2 views

PT-2025-44488

Name of the Vulnerable Software and Affected Versions: Nagios Fusion versions prior to 4.2.0. Description: Nagios Fusion versions prior to 4.2.0 have a stored cross-site scripting (XSS) issue in the LDAP/AD authentication-server configuration. User input that is not properly sanitized can be stored an...

CVSS 6.2, AI score 5.9, EPSS 0.00696
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2013-1187

Malware in sbrugna...

CVSS 7.8, AI score 6.3, EPSS 0.01328
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-44359

Malicious code in bioql PyPI...

CVSS 5.9, AI score 6.8, EPSS 0.00967
Exploits 0, References 1
NVD
added 2025/09/17 5:15 p.m., 3 views

CVE-2025-35431

CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1...

CVSS 5.4, EPSS 0.00285
Exploits 0, References 4
BDU FSTEC
added 2025/02/26 12:00 a.m., 4 views

The vulnerability of the implementation of service protocols in the software products of the LLC "NPO 'MIR'" relates to the transmission of data in an open manner, which allows a perpetrator to disclose the protected information.

The vulnerability of the implementation of service protocols in the software products of the LLC "NPO 'MIR'" relates to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...

CVSS 10, AI score 5.4
Exploits 0, Affected Software 6
OSV
added 2024/12/28 7:15 a.m., 2 views

CVE-2020-1823

There are multiple out-of-bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may perform an out-of-bounds read when processing an incoming data packet. Successful exploit of these vulnerabilities...

CVSS 5.3, AI score 5.8, EPSS 0.00245
Exploits 0, References 1
CNNVD
added 2024/12/08 12:00 a.m., 3 views

TP-LINK VN020 security vulnerability

TP-LINK VN020 is a wireless modem from China P&L TP-LINK. A security vulnerability exists in TP-LINK VN020 F3vT TTV6.2.1021 version, which originates from the component Incomplete SOAP Request Handler and is susceptible to denial-of-service attacks...

CVSS 7.1, AI score 6.4, EPSS 0.08886
Exploits 2, References 5
OSV
added 2024/11/15 12:19 p.m., 6 views

OESA-2024-2402 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

CVSS 8.6, AI score 6.8, EPSS 0.99999
Exploits 20, References 8
OSV
added 2024/05/03 3:15 a.m., 1 view

CVE-2023-41183

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8, AI score 5.8, EPSS 0.15333
Exploits 0, References 2
CNNVD
added 2023/10/02 12:00 a.m., 4 views

phpIPAM Injection Vulnerability

phpIPAM is an open source PHP and MySQL based IP address management application (IPAM). An injection vulnerability exists in versions prior to phpIPAM v1.5.2, which stems from the dname parameter in /users/ad-search-result.php containing an LDAP injection vulnerability that allows an attacker to...

CVSS 7.5, AI score 7.2, EPSS 0.0071
Exploits 1, References 3