Lemonldap-ng Lemonldap::ng
2 CVEs affecting Lemonldap-ng Lemonldap::ng. Latest disclosed: 2026-01-16. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-59518 | High | 8.0 | 2025-09-17 | In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluat… |
CVE-2025-31510 | High | 7.2 | 2026-01-16 | In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) v… |