
567 matches found

VulnCheck KEV
added 2026/01/20 12:0 a.m., 5 views

VulnCheck KEV: CVE-2025-0890

UNSUPPORTED WHEN ASSIGNED Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but...

CVSS 9.8, AI score 5.8, EPSS 0.12892
In wild, Exploits 0, References 2
RedhatCVE
added 2026/01/09 12:32 p.m., 5 views

CVE-2023-4329

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute...

CVSS 9.8, AI score 6.9, EPSS 0.00588
Exploits 0, References 1
RedhatCVE
added 2026/01/09 11:16 a.m., 4 views

CVE-2021-0302

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9...

CVSS 9.3, AI score 6.8, EPSS 0.00705
Exploits 0, References 1
RedhatCVE
added 2026/01/09 10:15 a.m., 9 views

CVE-2019-2120

In OatFileAssistant::GenerateOatFile of oatfileassistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8, AI score 7.4, EPSS 0.00173
Exploits 0, References 1
RedhatCVE
added 2026/01/09 9:57 a.m., 9 views

CVE-2020-12336

Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.8, AI score 7.2, EPSS 0.00319
Exploits 0, References 1
RedhatCVE
added 2026/01/09 9:36 a.m., 7 views

CVE-2024-34734

In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

CVSS 7.8, AI score 7.1, EPSS 0.00086
Exploits 0, References 1
RedhatCVE
added 2025/12/31 12:2 a.m., 8 views

CVE-2025-56332

Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration...

CVSS 9.1, AI score 6.9, EPSS 0.00387
Exploits 1, References 1
NVD
added 2025/12/30 6:15 p.m., 4 views

CVE-2025-56332

Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration...

CVSS 9.1, EPSS 0.00387
Exploits 1, References 2
OSV
added 2025/12/30 6:15 p.m., 5 views

CVE-2025-56332

Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration...

CVSS 9.1, AI score 6.8
Exploits 0, References 2
Cvelist
added 2025/12/30 12:0 a.m., 24 views

CVE-2025-56332

Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration...

EPSS 0.00387
Exploits 1, References 2
Vulnrichment
added 2025/12/30 12:0 a.m., 3 views

CVE-2025-56332

Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration...

AI score 6.5, EPSS 0.00387
Exploits 1, References 2
Positive Technologies
added 2025/12/30 12:0 a.m., 8 views

PT-2025-54209

Name of the Vulnerable Software and Affected Versions: Pangolin versions 1.6.2 and earlier. Description: An authentication bypass exists in Pangolin versions 1.6.2 and before due to an insecure default configuration. This allows attackers to access Pangolin resources. Recommendations: Update Pangolin...

CVSS 9.1, AI score 6.8, EPSS 0.00387
Exploits 1, References 6
CNNVD
added 2025/12/16 12:0 a.m., 4 views

Fortra Core Privileged Access Manager Security Vulnerability

Fortra Core Privileged Access Manager is an access rights management system from Fortra, Inc. A security vulnerability exists in Fortra Core Privileged Access Manager version 9.0, which stems from an insecure default configuration that could lead to the selection of a weak password hash algorithm...

CVSS 6.2, AI score 6.7, EPSS 0.00085
Exploits 0, References 1
CNVD
added 2025/12/10 12:0 a.m., 3 views

Google Android Insecure Default Settings Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure default settings vulnerability that can be exploited by attackers to cause a local elevation of privilege...

CVSS 7.3, AI score 6.3, EPSS 0.00123
Exploits 1, References 1
RedhatCVE
added 2025/12/09 5:27 p.m., 3 views

CVE-2025-48629

In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8, AI score 6.8, EPSS 0.00072
Exploits 0, References 1
RedhatCVE
added 2025/12/09 5:27 p.m., 3 views

CVE-2025-48621

In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to an insecure default. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 7.3, AI score 6.8, EPSS 0.00123
Exploits 1, References 1
Tenable Nessus
added 2025/12/09 12:0 a.m., 7 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1304)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1304 advisory. containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad...

CVSS 7.8, AI score 6.5, EPSS 0.00159
Exploits 1, References 6
EUVD
added 2025/12/08 6:30 p.m., 4 views

EUVD-2025-201740

In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8, AI score 6.3, EPSS 0.00072
Exploits 0, References 2
NVD
added 2025/12/08 5:16 p.m., 22 views

CVE-2025-48629

In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8, EPSS 0.00072
Exploits 0, References 1
OSV
added 2025/12/08 5:16 p.m., 4 views

CVE-2025-48621

In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to an insecure default. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 7.3, AI score 5.9, EPSS 0.00123
Exploits 1, References 3