Description
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
CVE vulnerabilities with CWE-90 (70)
9.8
CVSS
CRITICAL
CVE-2026-44930
pub. 2026-05-22
9.8
CVSS
CRITICAL
CVE-2024-54852
pub. 2025-01-29
9.8
CVSS
CRITICAL
CVE-2024-33868
pub. 2024-05-14
9.8
CVSS
CRITICAL
CVE-2021-43350
pub. 2021-11-11
9.8
CVSS
CRITICAL
CVE-2011-4069
pub. 2018-02-01
9.8
CVSS
CRITICAL
CVE-2017-14596
pub. 2017-09-20
9.8
CVSS
CRITICAL
CVE-2017-8790
pub. 2017-05-05
9.8
CVSS
CRITICAL
CVE-2016-9299
pub. 2017-01-12
9.1
CVSS
CRITICAL
CVE-2026-41919
pub. 2026-05-19
9.1
CVSS
CRITICAL
CVE-2024-56841
pub. 2025-01-14
8.8
CVSS
HIGH
CVE-2026-49268
pub. 2026-06-17
8.8
CVSS
HIGH
CVE-2026-39962
pub. 2026-04-09
8.8
CVSS
HIGH
CVE-2026-33289
pub. 2026-03-20
8.8
CVSS
HIGH
CVE-2025-48208
pub. 2025-09-09
8.8
CVSS
HIGH
CVE-2022-4254
pub. 2023-02-01
8.7
CVSS
HIGH
CVE-2026-40459
pub. 2026-04-17
8.7
CVSS
HIGH
CVE-2026-25560
pub. 2026-02-07
8.2
CVSS
HIGH
CVE-2026-40193
pub. 2026-04-16
8.2
CVSS
HIGH
CVE-2026-34578
pub. 2026-04-09
8.1
CVSS
HIGH
CVE-2026-44304
pub. 2026-05-12
Showing 20 of 70 vulnerabilities