270 matches found
CVE-2025-15554 Admin Passwords Cached by Browsers in Truesec LAPSWebUI
Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...
CVE-2025-15553 Insecure Logout Functionality in Truesec LAPSWebUI
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2025-15553
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2025-15552 Long Session Lifetime in Truesec LAPSWebUI
Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2025-15552 Long Session Lifetime in Truesec LAPSWebUI
Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
PT-2026-25676
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2024-14024 Video Station
An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the...
PT-2026-23022
A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This...
CVE-2026-20099
A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the adminLoad.handleLoad process. An attacker can modify the running configuration and alter server behavior by sending cross-origin requests to the local admin API when origin enforcement is not...
CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy)
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...
CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy)
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...
CVE-2019-25313
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin accoun...
CVE-2019-25313 FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin accoun...
CVE-2019-25313
FlexNet Publisher 11.12.1 is affected by a cross-site request forgery that lets an attacker create a local admin account without authentication. An attacker can craft a malicious HTML form to trick an authenticated user into submitting a request that creates a new local admin with a predefined pa...
CVE-2019-25313
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin accoun...
Flexera FlexNet Publisher(FLEXlm) 跨站请求伪造漏洞
Flexera FlexNet Publisher FLEXlm is a software licensing management component within the Entitlement Relationship Management Solution provided by the American company Flexera. This product enables software and hardware manufacturers to manage software licensing terms, including pricing, packaging...
CVE-2026-1680
Improper access control in the WCF endpoint in Edgemo now owned by Danoffice IT Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group...
CVE-2026-1680 Local Privilege Escalation in Local Admin Service
Improper access control in the WCF endpoint in Edgemo now owned by Danoffice IT Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group...
CVE-2026-1680
CVE-2026-1680 affects Edgemo (now Danoffice IT) Local Admin Service 1.2.7.23180 on Windows. The issue is an improper access control in the WCF endpoint, enabling a local user to escalate privileges to local administrator by directly communicating with the LocalAdminService.exe named pipe, bypassi...