405 matches found
CVE-2026-30975 Sonarr Authentication Bypass vulnerability
Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses Authentication Required set to: Disabled for Local Addresses without a reverse proxy running in front of Sonarr tha...
SUSE CVE-2026-31863
Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...
EUVD-2016-10817
ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp that allows attackers to authenticate without valid credentials by spoofing localhost requests. Attackers can exploit the EnvironmentUtil.getClientIp method which treats IPv6 loopback address...
EulerOS Virtualization 2.12.0 : sssd (EulerOS-SA-2026-1521)
According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default...
EUVD-2026-11355
A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error...
CVE-2026-20040
The vulnerability CVE-2026-20040 affects Cisco IOS XR Software CLI. It stems from insufficient validation of user arguments passed to specific CLI commands, allowing an authenticated, low-privilege attacker to elevate privileges to root and execute arbitrary commands on the underlying OS. The iss...
PT-2026-24833
CVE-2026-1653 A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Wind… https://t.co/dwTAJ9z9UE...
CVE-2025-30042
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...
CVE-2025-30042
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...
CVE-2025-30042
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...
CVE-2025-30042
The CVE-2025-30042 entry concerns the CGM CLININET system, where smart card authentication is effectively bypassed because access verification uses only the certificate number on the client, not the presence of a smart card or private key. This allows authentication if the certificate number is k...
EUVD-2025-208147
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...
CVE-2025-30042 Session generation possible with certificate number only
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...
CVE-2025-30042 Session generation possible with certificate number only
The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...
PT-2026-22574
Name of the Vulnerable Software and Affected Versions CGM CLININET system affected versions not specified Description The CGM CLININET system uses smart card authentication, but authentication happens locally on the client device. Instead of verifying the smart card and private key, only the...
CVE-2026-3194
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...
CVE-2026-26334
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...
K000159874: SSSD vulnerability CVE-2025-11561
Security Advisory Description A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is...
CVE-2025-9711 Privilege escalation in Brocade Fabric OS before 9.2.1c3, and 9.2.2 though 9.2.2b
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands...
CVE-2025-58379
Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user...