Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-90

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

56 vulnerabilities with CWE-90

CVE-2026-33609 MEDIUM

LDAP DN injection

CVE-2026-40606 MEDIUM

ProxyAuth Addon LDAP Injection in mitmproxy

CVE-2026-40459 HIGH

LDAP Injection in PAC4J

CVE-2026-40193 HIGH

Maddy Mail Server: LDAP Filter Injection via Unsanitized Username

CVE-2026-0636 MEDIUM

LDAP Injection Vulnerability in LDAPStoreHelper.java

CVE-2026-39962 CRITICAL

LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable

CVE-2026-34578 HIGH

OPNsense has an LDAP Injection via Unsanitized Username in Authentication

CVE-2026-29138 HIGH

PGP Decryption Sender LDAP Injection

CVE-2026-29131 HIGH

PGP Decryption Recipient LDAP Injection

CVE-2026-27860 LOW

OX Dovecot Pro <3.1.0 - Auth Bypass

CVE-2026-33751 MEDIUM

n8n Vulnerable to LDAP Filter Injection in LDAP Node

CVE-2026-33289 HIGH

SuiterCRM has LDAP Filter Injection in Authentication Module

CVE-2026-31828 HIGH

Parse Server <9.5.2-alpha.13/8.6.26 - LDAP Injection

CVE-2026-25560 CRITICAL

Wekan < 8.19 - LDAP Injection

CVE-2026-1498 HIGH

WatchGuard Fireware OS - Info Disclosure

CVE-2026-24130 MEDIUM

Moonraker <0.9.3 - LDAP Injection

CVE-2026-21880 MEDIUM

Kanboard < 1.2.49 - Information Disclosure

CVE-2025-67493 HIGH

Homarr < 1.45.3 - Improper Input Validation

CVE-2025-12764 HIGH

pgAdmin <= 9.9 - SQL Injection

CVE-2025-35431 MEDIUM

Cisa Thorium < 1.1.1 - LDAP Injection

CVE-2025-48208 HIGH

Apache Hertzbeat < 1.7.3 - LDAP Injection

CVE-2025-52575 MEDIUM

Espocrm < 9.1.7 - LDAP Injection

CVE-2025-4573 MEDIUM

Mattermost Server < 9.11.14 - LDAP Injection

CVE-2025-27686 LOW

Dell Unisphere For Powermax < 9.2.4.15 - LDAP Injection

CVE-2025-27631 MEDIUM

TRMTracker - Code Injection

Page 1 of 3 Next

Details

Vulnerabilities 56

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy