400 matches found

RedHat Linux · added 2025/08/07 10:51 a.m. · 3 views

pgjdbc: pgjdbc insecure authentication in channel binding

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections using authentication methods that cannot provide channel binding are still accepted even though channel binding is required. This flaw allows attackers to position themselves i...

CVSS 8.2 · AI score 5.8 · EPSS 0.0004
Exploits 0 · References 6
RedhatCVE · added 2025/08/06 12:13 a.m. · 3 views

CVE-2025-44643

Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could...

CVSS 8.6 · AI score 6.7 · EPSS 0.00294
Exploits 0 · References 1
CNNVD · added 2025/08/04 12:00 a.m. · 2 views

Multiple Draytek products security vulnerability

Draytek AP903 and other models are wireless access points from Draytek. A security vulnerability exists in various Draytek products, stemming from an insecure configuration that could lead to unauthorized control of the routing daemon. The following products and versions are affected:...

CVSS 8.6 · AI score 6.6 · EPSS 0.00294
Exploits 0 · References 3
RedhatCVE · added 2025/07/25 2:29 p.m. · 2 views

CVE-2018-25114

A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can...

CVSS 9.3 · AI score 8.6 · EPSS 0.78786
Exploits 0 · References 1
Veracode · added 2025/07/24 5:28 a.m. · 9 views

Improper Authentication

@haxtheweb/haxcms-nodejs is vulnerable to improper authentication. The vulnerability is due to an insecure default configuration in the NodeJS backend that disables JWT checks by default, which allows an attacker to gain unauthorized access if the server is deployed without modifying these defaul...

CVSS 9.8 · AI score 6.3 · EPSS 0.00303
Exploits 0 · References 3 · Affected Software 1
NVD · added 2025/07/23 2:15 p.m. · 3 views

CVE-2018-25114

A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can...

CVSS 9.3 · EPSS 0.78786
Exploits 0 · References 4
Positive Technologies · added 2025/07/23 12:00 a.m. · 3 views

PT-2025-30585 · Unknown · Oscommerce Online Merchant

Vulnerable software and affected versions: osCommerce Online Merchant version 2.3.4.1
Description: A remote code execution issue exists due to insecure default configuration and missing authentication in the installer workflow. The /install/ directory remains accessible after...

CVSS 9.3 · AI score 7.8 · EPSS 0.78786
Exploits 0 · References 6
Cvelist · added 2025/07/21 8:36 p.m. · 7 views

CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...

CVSS 9.3 · EPSS 0.00303
Exploits 0 · References 1
Vulnrichment · added 2025/07/21 8:36 p.m. · 3 views

CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...

CVSS 9.3 · AI score 7.1 · EPSS 0.00303
Exploits 0 · References 1
OSV · added 2025/07/21 7:48 p.m. · 5 views

GHSA-F38F-JVQJ-MFG6 NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access

Summary: The NodeJS version of HAX CMS uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authentication checks.
Details: If a user were to deploy haxcms-nodejs without modifying the default settings,...

CVSS 9.3 · AI score 6.6 · EPSS 0.00303
Exploits 0 · References 3
Github Security Blog · added 2025/07/21 7:48 p.m. · 9 views

NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access

Summary: The NodeJS version of HAX CMS uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authentication checks.
Details: If a user were to deploy haxcms-nodejs without modifying the default settings,...

CVSS 9.8 · AI score 7.5 · EPSS 0.00303
Exploits 0 · References 3 · Affected Software 1
Positive Technologies · added 2025/07/21 12:00 a.m. · 8 views

PT-2025-30344 · Hax Cms · Hax Cms

Vulnerable software and affected versions: HAXcms versions prior to 11.0.7
Description: HAXcms with a nodejs backend allows users to start the server in any HAXsite or HAXcms instance. The NodeJS version of HAXcms, in versions 11.0.6 and below, uses an insecure default configuration...

CVSS 9.8 · AI score 6.4 · EPSS 0.00303
Exploits 0 · References 9
RedhatCVE · added 2025/07/10 7:24 a.m. · 2 views

CVE-2025-25271

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...

CVSS 8.8 · AI score 7.3 · EPSS 0.00148
Exploits 0 · References 1
NVD · added 2025/07/03 12:15 p.m. · 2 views

CVE-2025-27452

The configuration of the Apache httpd web server that serves the MEAC300-FNADE4 web application is partly insecure. Modules are activated that are not required for the operation of the FNADE4 web application. The functionality of some of these modules poses a risk to the web server, since they enable...

CVSS 7.5 · EPSS 0.00394
Exploits 0 · References 6
Positive Technologies · added 2025/07/03 12:00 a.m. · 19 views

PT-2025-27781 · Apache · Apache Httpd

Vulnerable software and affected versions: Apache httpd, affected versions not specified
Description: The configuration of the Apache httpd webserver is partly insecure due to unnecessarily activated modules. These modules pose a risk to the webserver, enabling directory listing...

CVSS 5.3 · AI score 6.1 · EPSS 0.00394
Exploits 0 · References 8
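Two of the entries above are web-server configuration hygiene rather than application code: the osCommerce 2.3.4.1 items (CVE-2018-25114, PT-2025-30585), where /install/ stays reachable after setup, and the MEAC300-FNADE4 items (CVE-2025-27452, PT-2025-27781), where httpd loads modules the application does not use and exposes directory listings. The fragment below is an added example written for this listing, not configuration from osCommerce, the MEAC300 vendor, or the Apache project. The weak settings are shown first, then the hardened equivalents; the document root `/var/www/html` and the module path are assumptions.

```apache
# Added example, not vendor configuration. Paths are assumed.

# -- Weak: listing module loaded, Indexes on, .htaccess overrides allowed,
#    and the installer directory is served like any other path.
LoadModule autoindex_module modules/mod_autoindex.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

# -- Hardened: do not load modules the application does not need
#    (here mod_autoindex is simply left out), turn Indexes off explicitly
#    in case a later include re-enables the module, and lock overrides.
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

# Installer leftovers should be deleted once setup is complete; until that is
# done, refuse to serve them by both filesystem path and URL path.
<Directory "/var/www/html/install">
    Require all denied
</Directory>
<Location "/install">
    Require all denied
</Location>
```

To check the result on a running server, `apachectl -M` lists the modules actually loaded (autoindex_module should be absent for an application that never needs listings), and `curl -sI http://host/install/` should come back 403 rather than 200. Denying the path is a stopgap; removing the installer directory is the fix the osCommerce entry calls for.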
CNNVD · added 2025/07/02 12:00 a.m. · 2 views

NSClient++ security vulnerability

NSClient++ is an open-source monitoring agent for Windows systems. A security vulnerability exists in NSClient++ version 0.5.2.35, which stems from an insecure configuration that could lead to elevation of privilege...

CVSS 7.8 · AI score 6.5 · EPSS 0.07049
Exploits 2 · References 4
UbuntuCve · added 2025/06/26 9:15 p.m. · 16 views

CVE-2014-0468

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that users have uploaded to their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506...

CVSS 9.8 · AI score 5.9 · EPSS 0.0043
Exploits 0 · References 2
Veracode · added 2025/06/12 7:43 a.m. · 7 views

Denial of Service (DoS)

org.apache.kafka:kafka-clients is vulnerable to Denial of Service (DoS). The vulnerability is due to an insecure SASL JAAS JndiLoginModule configuration in the Kafka Connect API and brokers, which allows attackers with AlterConfigs permission to exploit the system...

CVSS 7.5 · AI score 7.4 · EPSS 0.00897
Exploits 0 · References 4 · Affected Software 2
OSV · added 2025/05/28 5:15 p.m. · 1 view

ALPINE-CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

CVSS 6.1 · AI score 7.1 · EPSS 0.00042
Exploits 0 · References 1
NVD · added 2025/05/28 5:15 p.m. · 10 views

CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

CVSS 6.1 · EPSS 0.00042
Exploits 0 · References 1
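The two Kea entries (ALPINE-CVE-2025-32802 and CVE-2025-32802) name three deployment habits that turn a file-overwrite primitive into a root compromise: running Kea as root, leaving the management API unsecured, and placing control sockets in insecure paths. The fragment below is an added example of a `kea-ctrl-agent.conf` written for this listing; it is not ISC's configuration or text. Each hardened setting is paired with a comment naming the weak alternative. Kea's parser accepts `//` comments, so the fragment can be used as written; the certificate paths, realm, user name and password are assumptions, and the DHCP server's own `Dhcp4.control-socket` block must point at the same `/run/kea` socket path.

```json
// Added example kea-ctrl-agent.conf (not ISC's text). Kea accepts // comments.
{
  "Control-agent": {
    // weak: "0.0.0.0" exposes the management API on every interface
    "http-host": "127.0.0.1",
    "http-port": 8000,

    // weak: no "authentication" block, so anyone who reaches the port can
    // issue config-set / config-write and choose the output file
    "authentication": {
      "type": "basic",
      "realm": "kea-control-agent",
      "clients": [
        // assumed credential; generate a long random value per deployment
        { "user": "kea-api", "password": "replace-with-a-long-random-secret" }
      ]
    },

    // weak: plain HTTP, so the basic-auth password crosses the wire in clear
    // (paths are assumptions; issue the certificates from your own CA)
    "trust-anchor": "/etc/kea/ca.crt",
    "cert-file": "/etc/kea/kea-ctrl-agent.crt",
    "key-file": "/etc/kea/kea-ctrl-agent.key",
    "cert-required": true,

    // weak: "/tmp/kea4-ctrl-socket" lives in a world-writable directory, so any
    // local user can pre-create or replace the socket. /run/kea should be owned
    // by the Kea service account with mode 0750.
    "control-sockets": {
      "dhcp4": { "socket-type": "unix", "socket-name": "/run/kea/kea4-ctrl-socket" }
    }
  }
}
```

Configuration alone does not remove the third habit: the advisory text is explicit that the damage is "subject to permissions granted to Kea", so the daemons should run as an unprivileged service account with write access only to their own state and log directories, which bounds what a captured API session can overwrite.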