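CWE-90 (Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')) — Vulnerability Class 40

40 vulnerabilities classified as CWE-90 (Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')). AI Chinese analysis included.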

| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-40606 | ProxyAuth Addon LDAP Injection in mitmproxy — mitmproxy | 4.8 | Medium | 2026-04-21 |
| CVE-2026-40459 | LDAP Injection in PAC4J — PAC4J | 8.1 (AI) | High (AI) | 2026-04-17 |
| CVE-2026-40193 | Maddy Mail Server: LDAP Filter Injection via Unsanitized Username — maddy | 8.2 | High | 2026-04-15 |
| CVE-2026-0636 | LDAP Injection Vulnerability in LDAPStoreHelper.java — BC-JAVA | 9.8 | - | 2026-04-15 |
| CVE-2026-39962 | LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable — MISP | 8.2 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-34578 | OPNsense has an LDAP Injection via Unsanitized Username in Authentication — core | 8.2 | High | 2026-04-09 |
| CVE-2026-29138 | PGP Decryption Sender LDAP Injection — Secure Email Gateway | 4.3 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-29131 | PGP Decryption Recipient LDAP Injection — Secure Email Gateway | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-27860 | Open-Xchange OX Dovecot Pro security vulnerability — OX Dovecot Pro | 3.7 | Low | 2026-03-27 |
| CVE-2026-33751 | n8n Vulnerable to LDAP Filter Injection in LDAP Node — n8n | 8.2 | - | 2026-03-25 |
| CVE-2026-33289 | SuiteCRM has LDAP Filter Injection in Authentication Module — SuiteCRM | 8.8 | High | 2026-03-19 |
| CVE-2026-31828 | Parse Server has an LDAP injection via unsanitized user input in DN and group filter construction — parse-server | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-25560 | WeKan < 8.19 LDAP Authentication Filter Injection — WeKan | 7.5 (AI) | High (AI) | 2026-02-07 |
| CVE-2026-1498 | WatchGuard Firebox LDAP Injection — Fireware OS | 7.5 (AI) | High (AI) | 2026-01-30 |
| CVE-2026-24130 | Moonraker with LDAP Enabled Allows Malicious Search Filter Injection — moonraker | 7.5 | - | 2026-01-22 |
| CVE-2026-21880 | Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure — kanboard | 5.3 | Medium | 2026-01-08 |
| CVE-2025-35431 | CISA Thorium LDAP injection — Thorium | 5.4 | Medium | 2025-09-17 |
| CVE-2025-48208 | Apache HertzBeat (incubating): Jmx JNDI injection vulnerability — Apache HertzBeat (incubating) | 8.8 (AI) | High (AI) | 2025-09-09 |
| CVE-2025-52575 | EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements — espocrm | 6.5 | Medium | 2025-07-21 |
| CVE-2025-4573 | LDAP Injection in Mattermost Enterprise Edition When Using Active Directory — Mattermost | 4.1 | Medium | 2025-06-11 |
| CVE-2025-27686 | Dell Unisphere and Dell PowerMax injection vulnerability — Unisphere for PowerMax | 2.7 | Low | 2025-04-07 |
| CVE-2025-27631 | Hitachi Energy TRMTracker injection vulnerability — TRMTracker | 6.5 | Medium | 2025-03-25 |
| CVE-2024-56841 | Siemens Mendix injection vulnerability — Mendix LDAP | 7.4 | High | 2025-01-14 |
| CVE-2024-27310 | DOS Vulnerability — ADSelfService Plus | 5.3 | Medium | 2024-05-27 |
| CVE-2023-51446 | GLPI LDAP Injection during authentication — glpi | 5.9 | Medium | 2024-02-01 |
| CVE-2023-31025 | CVE — DGX A100 | 6.5 | Medium | 2024-01-12 |
| CVE-2023-29050 | Open-Xchange App Suite security vulnerability — OX App Suite | 7.6 | High | 2024-01-08 |
| CVE-2023-6905 | Jahastech NxFilter Bind Request ldap injection — NxFilter | 4.3 | Medium | 2023-12-17 |
| CVE-2023-3447 | Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection — Active Directory Integration / LDAP Integration | 7.6 | High | 2023-06-29 |
| CVE-2023-28853 | Mastodon's blind LDAP injection in login allows the attacker to leak arbitrary attributes from LDAP database — mastodon | 7.7 | High | 2023-04-04 |

Vulnerabilities classified as CWE-90 (Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')) represent 40 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.