Falhas do tipo CWE-90
57 resultadosCVE-2026-39962HIGHLDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variableEPSS 0.3%CVE-2026-27860LOWIf auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially EPSS 0.3%CVE-2025-35431MEDIUMCISA Thorium LDAP injectionEPSS 0.3%CVE-2026-24130LOWMoonraker with LDAP Enabled Allows Malicious Search Filter InjectionEPSS 0.3%CVE-2025-67493HIGHHomarr: missing input sanitization and possible privilege escalation through ldap search query injectionEPSS 0.3%CVE-2025-27631MEDIUMThe TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execuEPSS 0.3%CVE-2026-33751MEDIUMn8n Vulnerable to LDAP Filter Injection in LDAP NodeEPSS 0.2%CVE-2026-33609MEDIUMLDAP DN injectionEPSS 0.2%CVE-2025-4573MEDIUMLDAP Injection in Mattermost Enterprise Edition When Using Active DirectoryEPSS 0.2%CVE-2026-45559MEDIUMRoxy-WI: LDAP injection in /user/ldap/<username> (admin-only)EPSS 0.2%CVE-2025-27686LOWDell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper NeutralizaEPSS 0.2%CVE-2026-29131MEDIUMPGP Decryption Recipient LDAP InjectionEPSS 0.2%CVE-2026-29138MEDIUMPGP Decryption Sender LDAP InjectionEPSS 0.2%CVE-2026-57288LOWJenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows nativEPSS 0.2%CVE-2026-44063MEDIUMLDAP filter injectionEPSS 0.2%CVE-2026-44304HIGHLemur: LDAP Filter Injection enables post-authentication privilege escalationEPSS 0.2%CVE-2026-40606MEDIUMProxyAuth Addon LDAP Injection in mitmproxyEPSS 0.2%