LDAP Injection
- Risk:
High
- Type:
- Active
- CWE:
- CWE-90
- Summary
LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.
- Solution
Validate and/or escape all user input before using it to create an LDAP query. In particular, the following characters (or combinations) should be deny listed: & | ! < > = ~= >= <= * ( ) , + - " ' ; \ / NUL character
Oracle silently fixes zero-day exploit leaked by ShinyHunters
CISA: High-severity Windows SMB flaw now exploited in attacks
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
New FileFix attack uses cache smuggling to evade security software
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
New Android Pixnapping attack steals MFA codes pixel-by-pixel
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
CVE-2025-61884 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control Vulnerability
CVE-2022-48503 Apple Multiple Products Unspecified Vulnerability
CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability
CVE-2025-24990 Microsoft Windows Untrusted Pointer Dereference Vulnerability
InformationalCross Site Scripting (Persistent) - Spider
Medium.env Information Leak
MediumFile Upload
InformationalGraphQL Server Implementation Identified
HighPath Traversal
Free online web security scanner