408 matches found

RedhatCVE
Added 2025/05/22 10:27 p.m. | Views: 5

CVE-2022-30124

An improper authentication vulnerability exists in Rocket.Chat Mobile App 4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication PIN code...

CVSS 6.8 | AI score 6.5 | EPSS 0.00081
Exploits: 1 | References: 1

RedhatCVE
Added 2025/05/22 6:48 p.m. | Views: 7

CVE-2021-41525

An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior...

CVSS 5.5 | AI score 6.7 | EPSS 0.00055
Exploits: 0

RedhatCVE
Added 2025/05/22 5:40 p.m. | Views: 3

CVE-2020-1241

A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. The update addresses the vulnerability by...

CVSS 7.8 | AI score 6.7 | EPSS 0.06984
Exploits: 0

RedhatCVE
Added 2025/05/22 4:14 p.m. | Views: 5

CVE-2020-1272

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer...

CVSS 7.8 | AI score 7.2 | EPSS 0.00707
Exploits: 0

RedhatCVE
Added 2025/05/22 6:30 a.m. | Views: 4

CVE-2019-5317

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba...

CVSS 6.8 | AI score 7.1 | EPSS 0.00059
Exploits: 0 | References: 1

NVD
Added 2025/05/05 5:18 p.m. | Views: 9

CVE-2025-0217

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions...

CVSS 7.8 | EPSS 0.00065
Exploits: 1 | References: 2

OSV
Added 2025/05/05 5:18 p.m. | Views: 2

CVE-2025-0217

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 2

CVE
Added 2025/05/05 5:0 p.m. | Views: 51

CVE-2025-0217

BeyondTrust Privileged Remote Access (PRA) prior to version 25.1 is affected by a local authentication bypass. An authenticated local attacker can view the ShellJump session details initiated with external tools, enabling unauthorized access to connected sessions. Affected product: BeyondTrust PR...

CVSS 7.8 | AI score 6.6 | EPSS 0.00065
Exploits: 1 | References: 2 | Affected Software: 1

OSV
Added 2025/03/05 5:15 p.m. | Views: 1

CVE-2025-20206

A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This...

CVSS 7.8 | AI score 6.1
Exploits: 0 | References: 1

OSV
Added 2025/02/27 6:27 p.m. | Views: 5

GHSA-XR9Q-H9C7-XW8Q Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API

Impact: An unauthenticated stack overflow crash, leading to a denial of service (DoS), was identified in Rancher’s /v3-public/authproviders public API endpoint. A malicious user could submit data to the API which would cause the Rancher server to crash, but no malicious or incorrect data would...

CVSS 8.2 | AI score 7.4 | EPSS 0.00714
Exploits: 0 | References: 13

CNNVD
Added 2025/02/26 12:0 a.m. | Views: 3

Cisco APIC Security Vulnerability

Cisco APIC is a software from Cisco USA for automation and management of the Cisco ACI switching matrix. It allows for policy enforcement, health monitoring, network configuration, and more. Cisco APIC has a security vulnerability that originates from insufficient masking of sensitive information...

CVSS 4.4 | AI score 6.2 | EPSS 0.00064
Exploits: 0 | References: 2

CNVD
Added 2025/02/18 12:0 a.m. | Views: 6

F5 BIG-IP Next Central Manager Log Message Disclosure Vulnerability

F5 BIG-IP Next Central Manager is a centralized console from F5 USA. A log information disclosure vulnerability exists in F5 BIG-IP Next Central Manager, which originates from the possibility of recording sensitive information in log files when a user logs in using local authentication via the...

CVSS 6.7 | AI score 6 | EPSS 0.00095
Exploits: 0 | References: 1

CNNVD
Added 2025/02/12 12:0 a.m. | Views: 3

Intel Management Engine Access Control Error Vulnerability

Intel Management Engine (Intel ME) is an embedded microcontroller from Intel Corporation USA. An access control error vulnerability exists in Intel Management Engine versions prior to 2422.6.2.0 that stems from improper access control and could allow an authenticated user to elevate privileges via...

CVSS 6 | AI score 6.2 | EPSS 0.00109
Exploits: 0 | References: 1

OSV
Added 2025/02/06 1:15 a.m. | Views: 1

CVE-2024-49814

IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges...

CVSS 7.8 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 1

OSV
Added 2025/02/05 6:15 p.m. | Views: 0

CVE-2025-23413

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.7 | AI score 5.8
Exploits: 0 | References: 1

Cvelist
Added 2025/02/05 5:31 p.m. | Views: 13

CVE-2025-23413 BIG-IP Next Central Manager vulnerability

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.7 | EPSS 0.00095
Exploits: 0 | References: 1

RedhatCVE
Added 2025/02/05 1:54 a.m. | Views: 3

CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...

CVSS 7.8 | AI score 6.8 | EPSS 0.00078
Exploits: 0 | References: 1

Positive Technologies
Added 2025/02/05 12:0 a.m. | Views: 3

PT-2025-5736

Name of the Vulnerable Software and Affected Versions: BIG-IP Next Central Manager (affected versions not specified). Description: The issue concerns the logging of sensitive information in the pgaudit log files when users log in through the web interface or API using local authentication. This...

CVSS 6.7 | AI score 5.6 | EPSS 0.00095
Exploits: 0 | References: 6

RedhatCVE
Added 2025/02/04 10:43 p.m. | Views: 2

CVE-2024-8038

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks...

CVSS 7.9 | AI score 6.9 | EPSS 0.00076
Exploits: 0 | References: 1

CVE
Added 2025/01/06 5:8 p.m. | Views: 47

CVE-2024-47475

CVE-2024-47475 affects Dell PowerScale OneFS 8.2.2.x through 9.8.0.x due to an incorrect permission assignment for a critical resource. A locally authenticated attacker could exploit this to cause a denial of service. Public sources consistently describe the issue as a local-privilege/vulnerabili...

CVSS 5.5 | AI score 6.9 | EPSS 0.00088
Exploits: 0 | References: 1 | Affected Software: 1