567 matches found
CVE-2026-30805
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...
EUVD-2026-29484
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...
CVE-2026-6866
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...
CVE-2026-6866 Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...
CVE-2026-6866
CVE-2026-6866 affects EcoStruxure Panel Server and describes a CWE-1188 vulnerability where initialization of a resource with an insecure default could enable unauthorized authentication when credentials revert to initial settings. The threat scenario implies potential unauthorized disclosure of ...
CVE-2026-6866 Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...
EUVD-2026-29438
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...
CVE-2026-7428
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...
CVE-2026-7428
CVE-2026-7428 affects Google Cloud AlloyDB for PostgreSQL. The vulnerability stems from insecure default administrative credentials that could be created by well-intended Terraform or REST API users before 2025-11-03, enabling a remote attacker to gain full administrative access to the database. ...
CVE-2026-7428 Insecure default administrative credentials in AlloyDB for PostgreSQL
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...
PT-2026-39995
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...
Google Cloud AlloyDB for PostgreSQL 安全漏洞
Google Cloud AlloyDB for PostgreSQL is a cloud-native, high-performance relational database service from Google Inc. That service is compatible with PostgreSQL. Versions of Google Cloud AlloyDB for PostgreSQL prior to 2025-11-03 contained a security vulnerability. This vulnerability stemmed from...
PT-2026-40049
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-41686 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...
Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool
The BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes 0o666 for files, 0o777 for directories, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask su...
PT-2026-35034
Name of the Vulnerable Software and Affected Versions New API versions prior to 0.12.10 Description A flaw in the Stripe webhook handler allows unauthenticated attackers to forge webhook events and credit arbitrary quota to their accounts without payment. This is caused by three issues: the syste...
Insecure Default Initialization of Resource
Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to insecure default SSH server configuration, which advertises weak or deprecated key exchange, MAC, and host key algorithms. An attacker can compromise the confidentiality and integrity o...
Insecure Default Initialization of Resource
Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to insecure default SSH server configuration, which advertises weak or deprecated key exchange, MAC, and host key algorithms. An attacker can compromise the confidentiality and integrity o...
EUVD-2026-24505
HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allowfrom = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...
CVE-2026-6823
HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allowfrom = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...