CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

NVD•added 2026/06/09 5:16 a.m.•11 views

CVE-2026-41720

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS0.00257EPSS

Exploits0References1

Vulnrichment•added 2026/06/09 3:48 a.m.•6 views

CVE-2026-41720 Authentication Bypass with Empty Password in Spring LDAP

7.4CVSS5.4AI score0.00257EPSS

Exploits0References1

CVE•added 2026/06/09 3:48 a.m.•41 views

CVE-2026-41720

CVE-2026-41720 affects Spring LDAP, where DirContextAuthenticationStrategy implementations fail to reject a bind request that uses a non-empty username with an empty or null password. Affected versions include 2.4.0–2.4.4, 3.2.0–3.2.17, 3.3.0–3.3.7, and 4.0.0–4.0.3. The CVE description in both th...

7.4CVSS5.4AI score0.00257EPSS

Exploits0References1

CNNVD•added 2026/06/09 12:0 a.m.•9 views

VMware Spring LDAP 授权问题漏洞

VMware Spring LDAP is an LDAP directory service integration framework developed by the American company VMware. There were vulnerabilities related to authorization in versions of VMware Spring LDAP from 2.4.0 to 2.4.4, 3.2.0 to 3.2.17, 3.3.0 to 3.3.7, and 4.0.0 to 4.0.3. These vulnerabilities...

7.4CVSS5.3AI score0.00257EPSS

Exploits0References1

Snyk•added 2026/06/08 12:0 a.m.•6 views

Incorrect Implementation of Authentication Algorithm

Overview org.springframework.ldap:spring-ldap-core is a maven plugin for LDAP for Sping. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via LDAP authentication handling in DirContextAuthenticationStrategy implementations. An attacker can...

8.9CVSS5.5AI score0.00257EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2022-4787

Malicious code in bioql PyPI...

8.1CVSS8AI score0.02606EPSS

Exploits0References9

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-3490

Malicious code in bioql PyPI...

3.7CVSS6.3AI score0.00369EPSS

Exploits0References3

Tenable Nessus•added 2025/08/30 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2024-38829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through...

5.3CVSS6.7AI score0.00631EPSS

Exploits1References3

Veracode•added 2024/12/16 6:55 a.m.•12 views

Sensitive Information Exposure

org.springframework.ldap:spring-ldap-core is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of case conversions using String.toLowerCase and String.toUpperCase methods, which can have locale-dependent exceptions. This may lead to unintended columns bei...

3.7CVSS4AI score0.00369EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2024/12/04 11:12 p.m.•24 views

CVE-2024-38829

A flaw was found in Spring LDAP. The usage of String.toLowerCase and String.toUpperCase has some locale dependent exceptions that could result in unintended columns being queried...

3.7CVSS6.6AI score0.00369EPSS

Exploits0References4

vulnersOsv•added 2024/12/04 9:30 p.m.•6 views

ai.wavemaker.runtime:wavemaker-app-runtime-core (>=1.0.0-20260516144515 <=1.0.0.ee-20260516142404), cc.zzzyu.nacos:default-auth-plugin (=3.1.1) +140 more potentially affected by CVE-2024-38829 via org.springframework.ldap:spring-ldap-core (>=3.0.0 <=3.2.7)

org.springframework.ldap:spring-ldap-core MAVEN version =3.0.0, =1.0.0-20260516144515, =0.0.11, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.11.5 and more Source cves: CVE-2024-38829 Source advisory: OSV:GHSA-MQVR-2RP8-J7H4...

3.7CVSS5.4AI score0.00369EPSS

Exploits0

vulnersOsv•added 2024/12/04 9:30 p.m.•4 views

be.dnsbelgium:rdap-server (>=0.3.3 <=1.1.0), cc.chensoul.nacos:core-test (=2.5.2) +866 more potentially affected by CVE-2024-38829 via org.springframework.ldap:spring-ldap-core (>=1.3.0.RELEASE <=2.4.2)

org.springframework.ldap:spring-ldap-core MAVEN version =1.3.0.RELEASE, =0.3.3, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.567.22 and more Source cves: CVE-2024-38829 Source advisory: OSV:GHSA-MQVR-2RP8-J7H4...

3.7CVSS5.4AI score0.00369EPSS

Exploits0

OSV•added 2024/12/04 9:30 p.m.•0 views

GHSA-MQVR-2RP8-J7H4 Spring LDAP data exposure vulnerability

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

6.3CVSS6.8AI score0.00369EPSS

Exploits0References3