Lucene search
+L

64 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/09 3:27 p.m.7 views

CVE-2026-59208

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS5.9AI score0.00143EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 10:7 a.m.12 views

CVE-2026-49757 OAuth2/OIDC account takeover in AshAuthentication via email-based user matching

Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address an upsert on the email field, or a user-defined sign-in...

9.2CVSS5.3AI score0.00563EPSS
Exploits1References5
OSV
OSV
added 2026/05/20 2:22 p.m.3 views

CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

6CVSS6AI score0.00182EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38588

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An authentication bypass allows an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication is enable...

6.3CVSS5.8AI score0.00266EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.5 views

CVE-2026-33771

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...

9.1CVSS5.7AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 9:33 p.m.33 views

CVE-2026-33771

CVE-2026-33771 affects Juniper CTP OS (CTP OS) and its password management function, where password complexity requirements configured in the admin menu are not saved, allowing weak passwords. This could enable an unauthenticated, network-based attacker to exploit weak local passwords and potenti...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/09 9:33 p.m.24 views

CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...

9.1CVSS0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.13 views

PT-2026-31797

Name of the Vulnerable Software and Affected Versions Juniper Networks CTP OS versions 9.2R1 and 9.2R2 Description A Weak Password Requirements issue in the password management function may allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentiall...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/01 3:31 a.m.4 views

EUVD-2025-209154

XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users...

6.9CVSS5.9AI score0.00116EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.5 views

CVE-2025-54149

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central...

7.1CVSS5.5AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.5 views

CVE-2021-27654

Forgotten password reset functionality for local accounts can be used to bypass local authentication checks...

8.8CVSS7.2AI score0.00603EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2012-4763

Malware in sbrugna...

1.9CVSS6.4AI score0.00352EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-14400

Malware in sbrugna...

8.8CVSS8.4AI score0.00603EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54338

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00368EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-28996

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.00783EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-32435

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.00548EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-49991

Malicious code in bioql PyPI...

6.2CVSS5.8AI score0.00162EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-16125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu an...

7.2CVSS7AI score0.01109EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:55 a.m.9 views

CVE-2023-42012

An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509...

6.2CVSS6.2AI score0.00226EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 9:59 p.m.11 views

CVE-2022-24083

Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks...

9.8CVSS6.9AI score0.00783EPSS
Exploits0References1
Rows per page
Query Builder