Lucene search
K

414 matches found

Cvelist
Cvelist
added 2025/12/04 8:42 p.m.24 views

CVE-2024-58278 IndigoSTAR Software - perl2exe <= V30.10C - Arbitrary Code Execution

perl2exe = V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized acce...

8.5CVSS0.00164EPSS
Exploits0References4
NVD
NVD
added 2025/12/04 3:15 p.m.5 views

CVE-2025-54305

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTEADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user wit...

7.8CVSS0.00139EPSS
Exploits0References3
CVE
CVE
added 2025/12/04 12:0 a.m.13 views

CVE-2025-54305

CVE-2025-54305 affects Thermo Fisher Torrent Suite Django application version 5.18.1. The LocalhostAuthMiddleware authenticates users as ionadmin when request.META[REMOTE_ADDR] is 127.0.0.1, 127.0.1.1, or ::1, allowing any user with local server access to bypass authentication. Documented impact ...

7.8CVSS6.3AI score0.00139EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-13640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the...

3.5CVSS5.4AI score0.00163EPSS
Exploits0References2
OSV
OSV
added 2025/11/24 11:47 p.m.7 views

CLSA-2025-1764028069 sssd: Fix of CVE-2025-11561

CVE-2025-11561: prevent unexpected Kerberos principal-to-account mappings when SSSD's localauth plugin cannot resolve a principal...

8.8CVSS7.3AI score0.00756EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/18 5:1 p.m.2 views

CVE-2025-47761

An Exposed IOCTL with Insufficient Access Control vulnerability CWE-782 vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would requi...

7.8CVSS6.5AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2025/11/17 4:38 p.m.6 views

CLSA-2025-1763397525 sssd: Fix of CVE-2025-11561

CVE-2025-11561: prevent unexpected Kerberos principal-to-account mappings when SSSD's localauth plugin cannot resolve a principal...

8.8CVSS6.6AI score0.00756EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/14 5:53 p.m.4 views

CVE-2025-4618 Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...

6.9CVSS5.7AI score0.00084EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/14 5:53 p.m.7 views

EUVD-2025-197638

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...

6.9CVSS5.6AI score0.00084EPSS
Exploits0References2
NVD
NVD
added 2025/11/12 8:15 p.m.4 views

CVE-2025-8485

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application...

7.3CVSS0.00119EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/11/12 12:0 a.m.9 views

Ubuntu: Security Advisory (USN-7867-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8AI score
Exploits0References3
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.6 views

Schneider Electric PowerChute Serial Shutdown 安全漏洞

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown, and energy management software from Schneider Electric France. A security vulnerability exists in Schneider Electric PowerChute Serial Shutdown that stems from improperly restricted authentication attempts, which...

6.9CVSS6.7AI score0.0055EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/11/11 7:30 p.m.23 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

8.8CVSS5.8AI score0.00756EPSS
Exploits0References6
EUVD
EUVD
added 2025/11/08 12:31 a.m.6 views

EUVD-2020-30818

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

9.2CVSS7.3AI score0.00762EPSS
Exploits0References5
NVD
NVD
added 2025/11/07 10:15 p.m.4 views

CVE-2020-36870

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

9.2CVSS0.00762EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/07 9:52 p.m.11 views

CVE-2020-36870 Ruijie Gateway EG & NBR Models v11.1(6)B9P1 - 11.9(4)B12P1 RCE

Various Ruijie Gateway EG and NBR models firmware versions 11.16B9P1 11.94B12P1 contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

9.2CVSS0.00762EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/04 10:48 a.m.4 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

8.8CVSS5.8AI score0.00756EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.8 views

PT-2025-44797

Name of the Vulnerable Software and Affected Versions Lenovo Tablets affected versions not specified Description A potential issue exists in some Lenovo Tablets that may allow a locally authenticated user or application to access sensitive device-specific information. Recommendations At the momen...

6.8CVSS6.2AI score0.00107EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/01 12:0 a.m.5 views

Fedora 42 : sssd (2025-5f49ddd4af)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-5f49ddd4af advisory. - Fixes CVE-2025-11561 - Resolves: https://bugzilla.redhat.com/showbug.cgi?id=2402728 After startup SSSD already creates a Kerberos configuration snippet in...

8.8CVSS5.5AI score0.00756EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.7 views

Amazon Linux 2023 : libipa_hbac, libipa_hbac-devel, libsss_autofs (ALAS2023-2025-1249)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1249 advisory. A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication...

8.8CVSS5.5AI score0.00756EPSS
Exploits0References4
Rows per page
Query Builder