18 matches found
CVE-2026-46026
The CVE-2026-46026 issue affects Linux kernel net: qrtr: ns, where the code previously did not bound the number of lookups a client could perform. A malicious local client could flood NEW_LOOKUP messages on the same socket despite local restrictions. The fix limits the maximum lookups to 64 globa...
CVE-2026-31863 Improper Restriction of Excessive Authentication Attempts in github.com/anyproto/anytype-heart
Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. This vulnerability is fixed in anytype-heart 0.48.4, anytype-cli 0.1.11, and Anytype Desktop 0.54.5...
CVE-2026-25593
OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...
EUVD-2021-27679
Malicious code in bioql PyPI...
EUVD-2023-34105
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-3176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication servic...
CVE-2025-9036 Rockwell Automation FactoryTalk® Action Manager v1.0.0 Runtime Vulnerability
A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection...
CVE-2023-2639
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat acto...
SUSE CVE-2016-3176
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient...
JSA10453 - 2010-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Local Client Logging Issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. User session information is saved to the local system even when client logging is disabled. Pulse Secure would like to acknowledge Espion Ltd. Dublin, Ireland for bringing this to our...
CVE-2022-25214
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated...
CVE-2022-25214
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated...
CVE-2021-40503
An information disclosure vulnerability exists in SAP GUI for Windows - versions 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able ...
PYSEC-2017-33
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient...
UBUNTU-CVE-2016-3176
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient...
openSUSE Security Update : XWayland (openSUSE-2015-438)
The XWayland portion of the x.org X11 server was updated to fix one security issue. The following vulnerability was fixed: - CVE-2015-3164: Unauthorised local client access in XWayland boo934102
Code injection
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API...
CVE-2015-1170
The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API...