Lucene search
K

31 matches found

Cvelist
Cvelist
added 2026/05/20 2:22 p.m.42 views

CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

6CVSS0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 9:14 p.m.40 views

CVE-2026-6736 Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider

An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...

6.3CVSS0.00266EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:37 a.m.9 views

CVE-1999-0503

A Windows NT local user or administrator account has a guessable password...

7.2CVSS6.7AI score0.01835EPSS
Exploits4References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2003-0973

Malware in sbrugna...

7.5CVSS6.4AI score0.01884EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-21395

Malware in sbrugna...

7.8CVSS7.6AI score0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-18024

Malware in sbrugna...

7.8CVSS7.7AI score0.00309EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/21 6:34 p.m.13 views

CVE-2003-0983

Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via 1 a "bubba" local user account, 2 an open TCP port 34571, or 3 when a local DHCP server is unavailable, a...

7.5CVSS6.8AI score0.01884EPSS
Exploits0References1
Prion
Prion
added 2023/12/13 6:15 p.m.26 views

Format string

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of that account, likely gaining...

4CVSS7AI score0.00286EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2022/08/17 12:0 a.m.21 views

How to secure a Windows PC for your kids

With the return to school fast approaching, it's time to ready the things your kids will need to pass the next year with flying colors. Increasingly, that means computing devices, which means you'll need to spend time thinking about the safety and security of what they will be using. In our "Back...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/02/09 12:0 a.m.7 views

PT-2022-4092 · Siemens · Simatic Pcs 7 +1

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 through V9.1 SIMATIC PCS 7 version V9.1 prior to V9.1 SP1 SIMATIC WinCC versions V7.4 through V7.4 prior to V7.4 SP1 Update 19 SIMATIC WinCC versions V7.5 through V7.5 prior to V7.5 SP2 Update 6 SIMATIC WinCC...

8.8CVSS8.2AI score0.00682EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/01/11 2:33 p.m.27 views

CVE-2020-35483

AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file...

7.5AI score0.00468EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/11 12:0 a.m.9 views

Anydesk Code Issue Vulnerability

Anydesk is a remote desktop connection software from Anydesk Germany. A code issue vulnerability exists in AnyDesk before 6.1.0 on Windows, which can be exploited by an attacker to compromise a local user account via a read-only setting of the Trojan gcapi.dll file...

7.8CVSS7.2AI score0.00468EPSS
Exploits0References2
Prion
Prion
added 2020/02/13 11:15 p.m.15 views

Security feature bypass

Internet TRiLOGI Server unknown versions could allow a local user to bypass security and create a local user account...

2.1CVSS6.9AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/13 10:51 p.m.22 views

CVE-2013-6927

Internet TRiLOGI Server unknown versions could allow a local user to bypass security and create a local user account...

5.4AI score0.00342EPSS
Exploits0References2
NVD
NVD
added 2019/10/17 8:15 p.m.32 views

CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365...

7.8CVSS7.7AI score0.00344EPSS
Exploits1References2
CVE
CVE
added 2018/11/27 6:0 p.m.57 views

CVE-2018-6263

CVE-2018-6263 concerns NVIDIA GeForce Experience prior to version 3.16 on Windows. The issue allows a local user to plant a malicious DLL during application installation, enabling privilege escalation. The NVIDIA Security Bulletin (and CNVD/CVE records) confirm the affected product and the local-...

7.8CVSS7.6AI score0.00309EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/02/12 9:29 p.m.11 views

CVE-2018-1214

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achiev...

7CVSS6.9AI score0.00774EPSS
Exploits0References1
OSV
OSV
added 2018/02/12 9:29 p.m.3 views

CVE-2018-1214

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achiev...

7CVSS5.8AI score0.00774EPSS
Exploits0References1
Metasploit
Metasploit
added 2016/12/09 4:41 a.m.50 views

Windows Local User Account Hash Carver

This module will change a local user's password directly in the registry. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' class MetasploitModule 'Windows Local User Account Hash Carver', 'Description...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/11/24 12:0 a.m.48 views

Amazon Linux AMI : kernel (ALAS-2015-610)

A denial of service vulnerability was discovered in the keyring function's garbage collector in the Linux kernel. The flaw allowed any local user account to trigger a kernel panic. CVE-2015-7872 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

2.1CVSS6.3AI score0.00508EPSS
Exploits0References2
Rows per page
Query Builder