566 matches found
EUVD-2022-1857
Malicious code in bioql PyPI...
EUVD-2021-2924
Malicious code in bioql PyPI...
EUVD-2021-2921
Malicious code in bioql PyPI...
EUVD-2022-49969
Malicious code in bioql PyPI...
EUVD-2023-23985
Malicious code in bioql PyPI...
EUVD-2025-28994
Malicious code in bioql PyPI...
CVE-2025-57295
H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access ca...
CVE-2025-36222
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions...
GO-2025-3918 NeuVector admin account has insecure default password in github.com/neuvector/neuvector
NeuVector admin account has insecure default password in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
CVE-2025-41708
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission...
CVE-2025-41708 Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission...
Google Android Information Disclosure Vulnerability (CNVD-2025-23028)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by an insecure default value flaw in the generateRandomPassword function in LocalBluetoothLeBroadcast.java. An attacker can exploit the leak to obtai...
PT-2025-36445
Name of the Vulnerable Software and Affected Versions: Bender Charge Controller product families including CC612, CC613, ICC13xx, ICC15xx, ICC16xx
Description: The web interface uses HTTP instead of HTTPS due to an insecure default configuration. An unauthenticated attacker on the same network...
CVE-2025-48563
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-32330
In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...