PT-2026-38588
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.21. Description: An authentication bypass allows an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication is enable...
CVE-2026-33771
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
CVE-2026-33771
CVE-2026-33771 affects Juniper CTP OS (CTP OS) and its password management function, where password complexity requirements configured in the admin menu are not saved, allowing weak passwords. This could enable an unauthenticated, network-based attacker to exploit weak local passwords and potenti...
CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
PT-2026-31797
Name of the Vulnerable Software and Affected Versions: Juniper Networks CTP OS versions 9.2R1 and 9.2R2. Description: A Weak Password Requirements issue in the password management function may allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentiall...
EUVD-2025-209154
XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users...
CVE-2025-54149
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central...
CVE-2021-27654
Forgotten password reset functionality for local accounts can be used to bypass local authentication checks...
EUVD-2012-4763
Malware in sbrugna...
EUVD-2021-14400
Malware in sbrugna...
EUVD-2024-54338
Malicious code in bioql PyPI...
EUVD-2022-28996
Malicious code in bioql PyPI...
EUVD-2023-49991
Malicious code in bioql PyPI...
EUVD-2023-32435
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-16125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu an...
CVE-2023-42012
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509...
CVE-2022-24083
Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks...
SMB SID User Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB SID User Enumeration LookupSid', 'Description' = 'Determine what users exist via brute force SID lookups. This module can enumerate both loca...
CVE-2023-45702
An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts...