This page lists publicly disclosed CVE vulnerabilities affecting lemonldap-ng lemonldap:: (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-13031 | LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule. | [email protected] | 8.1 | 1.93% | 2019-06-28 | 2026-06-16 |
| CVE-2012-6426 | LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data. | [email protected] | 7.5 | 1.55% | 2013-01-01 | 2026-06-16 |