LDAP vulnerabilities
Showing 1 - 5 of 5 CVEs
- CVE-2026-48919 Published May 27, 2026
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
- CVE-2026-48918 Published May 27, 2026
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
- CVE-2026-48844 Published May 25, 2026
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)
- CVE-2025-21293 Published Jan 14, 2025
Active Directory Domain Services Elevation of Privilege Vulnerability
- CVE-2024-49112 Published Dec 12, 2024
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
medium 6.6
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
medium 6.6
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)
high 7.5
Active Directory Domain Services Elevation of Privilege Vulnerability
high 8.8
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
critical 9.8