406 matches found

ATTACKERKB
added 2026/02/03 1:55 a.m. | 3 views

CVE-2025-58379

Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user...

CVSS 6 | AI score 7.8 | EPSS 0.00008
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-5774

Name of the Vulnerable Software and Affected Versions Brocade Fabric OS versions prior to 9.2.1c3 Brocade Fabric OS versions 9.2.2 through 9.2.2b Description A flaw exists in Brocade Fabric OS that could allow a locally authenticated user to gain root privileges. This is achieved by utilizing the...

CVSS 8.5 | AI score 5.5 | EPSS 0.00008
Exploits 0 | References 5

Tenable Nessus
added 2026/01/23 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004929)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004929 advisory. When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally...

CVSS 3.1 | AI score 5.6 | EPSS 0.00064
Exploits 1 | References 3

Cvelist
added 2026/01/13 9:19 p.m. | 23 views

CVE-2025-68947 NSecsoft NSecKrnl process termination privilege escalation

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver...

CVSS 5.7 | EPSS 0.0002
Exploits 0 | References 5

Tenable Nessus
added 2026/01/13 12:0 a.m. | 1 views

MiracleLinux 7 : sssd-1.16.5-10.16.0.2.el7.AXS7 (AXSA:2025-11497:09)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11497:09 advisory. CVE-2025-11561: prevent unexpected Kerberos principal-to-account mappings when SSSD's localauth plugin cannot resolve a principal CVEs: CVE-2025-11561 A fla...

CVSS 8.8 | AI score 5.6 | EPSS 0.00046
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 9:26 a.m. | 3 views

CVE-2023-4985

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

CVSS 7.8 | AI score 6.7 | EPSS 0.00079
Exploits 1 | References 1

RedhatCVE
added 2026/01/09 8:53 a.m. | 9 views

CVE-2021-27651

In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks...

CVSS 9.8 | AI score 7.1 | EPSS 0.91127
Exploits 1 | References 1

Positive Technologies
added 2026/01/07 12:0 a.m. | 3 views

PT-2026-1582

Name of the Vulnerable Software and Affected Versions HCL BigFix IVR version 4.2 Description A configuration issue with service binding in internal service components allows a privileged attacker to affect service availability. This occurs because administrative services are exposed through...

CVSS 4.9 | AI score 6.3 | EPSS 0.00014
Exploits 0 | References 4

NVD
added 2025/12/30 11:15 p.m. | 2 views

CVE-2022-50791

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...

CVSS 8.5 | EPSS 0.04921
Exploits 2 | References 5

OSV
added 2025/12/18 4:36 p.m. | 3 views

CLSA-2025-1766075810 sssd: Fix of CVE-2025-11561

CVE-2025-11561: prevent unexpected Kerberos principal-to-account mappings when SSSD's localauth plugin cannot resolve a principal...

CVSS 8.8 | AI score 5.8 | EPSS 0.00046
Exploits 0 | References 1

NVD
added 2025/12/10 3:15 p.m. | 2 views

CVE-2025-13155

An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with elevated privileges...

CVSS 8.5 | EPSS 0.00013
Exploits 0 | References 1

Tenable Nessus
added 2025/12/08 12:0 a.m. | 3 views

Oracle Linux 7 : sssd (ELSA-2025-19847)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-19847 advisory. 1.16.5-10.0.5.16 - krb5: disable Kerberos localauth an2ln plugin for AD/IPA Orabug: 38621159 Tenable has extracted the preceding description block directly fro...

CVSS 8.8 | AI score 5.5 | EPSS 0.00046
Exploits 0 | References 2

Oracle linux
added 2025/12/05 12:0 a.m. | 7 views

sssd security update

1.16.5-10.0.5.16 - krb5: disable Kerberos localauth an2ln plugin for AD/IPA Orabug: 38621159...

CVSS 8.8 | AI score 7 | EPSS 0.00046
Exploits 0

Cvelist
added 2025/12/04 8:42 p.m. | 21 views

CVE-2024-58278 IndigoSTAR Software - perl2exe <= V30.10C - Arbitrary Code Execution

perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized acce...

CVSS 8.5 | EPSS 0.00024
Exploits 0 | References 4

NVD
added 2025/12/04 3:15 p.m. | 3 views

CVE-2025-54305

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTE_ADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user wit...

CVSS 7.8 | EPSS 0.00019
Exploits 0 | References 3

CVE
added 2025/12/04 12:0 a.m. | 6 views

CVE-2025-54305

CVE-2025-54305 affects Thermo Fisher Torrent Suite Django application version 5.18.1. The LocalhostAuthMiddleware authenticates users as ionadmin when request.META[REMOTE_ADDR] is 127.0.0.1, 127.0.1.1, or ::1, allowing any user with local server access to bypass authentication. Documented impact ...

CVSS 7.8 | AI score 6.3 | EPSS 0.00019
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2025/12/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-13640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the...

CVSS 3.5 | AI score 5.4 | EPSS 0.00012
Exploits 0 | References 2

OSV
added 2025/11/24 11:47 p.m. | 3 views

CLSA-2025-1764028069 sssd: Fix of CVE-2025-11561

CVE-2025-11561: prevent unexpected Kerberos principal-to-account mappings when SSSD's localauth plugin cannot resolve a principal...

CVSS 8.8 | AI score 7.3 | EPSS 0.00046
Exploits 0 | References 1

Vulnrichment
added 2025/11/18 5:1 p.m. | 1 views

CVE-2025-47761

An Exposed IOCTL with Insufficient Access Control vulnerability CWE-782 vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would requi...

CVSS 7.8 | AI score 6.5 | EPSS 0.00015
Exploits 0 | References 1

OSV
added 2025/11/17 4:38 p.m. | 2 views

CLSA-2025-1763397525 sssd: Fix of CVE-2025-11561

CVE-2025-11561: prevent unexpected Kerberos principal-to-account mappings when SSSD's localauth plugin cannot resolve a principal...

CVSS 8.8 | AI score 6.6 | EPSS 0.00046
Exploits 0 | References 1