567 matches found
VulnCheck KEV: CVE-2025-0890
UNSUPPORTED WHEN ASSIGNED: Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but...
CVE-2023-4329
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...
CVE-2021-0302
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9...
CVE-2019-2120
In OatFileAssistant::GenerateOatFile of oatfileassistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2020-12336
Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2024-34734
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2025-56332
Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration...
PT-2025-54209
Name of the Vulnerable Software and Affected Versions: Pangolin versions 1.6.2 and earlier. Description: An authentication bypass exists in Pangolin versions 1.6.2 and before due to an insecure default configuration. This allows attackers to access Pangolin resources. Recommendations: Update Pangolin...
Fortra Core Privileged Access Manager Security Vulnerability
Fortra Core Privileged Access Manager is an access rights management system from Fortra, Inc. A security vulnerability exists in Fortra Core Privileged Access Manager version 9.0, which stems from an insecure default configuration that could lead to the selection of a weak password hash algorithm...
Google Android Insecure Default Settings Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure default settings vulnerability that can be exploited by attackers to cause a local elevation of privilege...
CVE-2025-48629
In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-48621
In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to an insecure default. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1304)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1304 advisory. containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad...
EUVD-2025-201740
In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...