Lucene search
K

567 matches found

NVD
NVD
added 2026/05/12 4:16 p.m.32 views

CVE-2026-30805

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...

9.1CVSS0.00341EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 p.m.10 views

EUVD-2026-29484

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

8.2CVSS5.8AI score0.00291EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 3:16 p.m.14 views

CVE-2026-6866

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

8.2CVSS0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 1:59 p.m.10 views

CVE-2026-6866 Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

8.2CVSS5.8AI score0.00291EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 1:59 p.m.73 views

CVE-2026-6866

CVE-2026-6866 affects EcoStruxure Panel Server and describes a CWE-1188 vulnerability where initialization of a resource with an insecure default could enable unauthorized authentication when credentials revert to initial settings. The threat scenario implies potential unauthorized disclosure of ...

8.2CVSS5.8AI score0.00291EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 1:59 p.m.65 views

CVE-2026-6866 Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

8.2CVSS0.00291EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 12:32 p.m.17 views

EUVD-2026-29438

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...

9.2CVSS5.8AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 10:16 a.m.14 views

CVE-2026-7428

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...

9.2CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 9:16 a.m.23 views

CVE-2026-7428

CVE-2026-7428 affects Google Cloud AlloyDB for PostgreSQL. The vulnerability stems from insecure default administrative credentials that could be created by well-intended Terraform or REST API users before 2025-11-03, enabling a remote attacker to gain full administrative access to the database. ...

9.2CVSS5.8AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 9:16 a.m.13 views

CVE-2026-7428 Insecure default administrative credentials in AlloyDB for PostgreSQL

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...

9.2CVSS5.8AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-39995

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...

9.2CVSS5.8AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Google Cloud AlloyDB for PostgreSQL 安全漏洞

Google Cloud AlloyDB for PostgreSQL is a cloud-native, high-performance relational database service from Google Inc. That service is compatible with PostgreSQL. Versions of Google Cloud AlloyDB for PostgreSQL prior to 2025-11-03 contained a security vulnerability. This vulnerability stemmed from...

9.2CVSS5.9AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40049

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...

9.1CVSS5.8AI score0.00341EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/04 6:41 p.m.33 views

CVE-2026-41686 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...

4.8CVSS0.00119EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/29 10:28 p.m.32 views

Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

The BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes 0o666 for files, 0o777 for directories, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask su...

4.8CVSS5.3AI score0.00119EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.12 views

PT-2026-35034

Name of the Vulnerable Software and Affected Versions New API versions prior to 0.12.10 Description A flaw in the Stripe webhook handler allows unauthenticated attackers to forge webhook events and credit arbitrary quota to their accounts without payment. This is caused by three issues: the syste...

8.2CVSS5.9AI score0.00259EPSS
Exploits1References12
Snyk
Snyk
added 2026/04/22 8:37 p.m.4 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to insecure default SSH server configuration, which advertises weak or deprecated key exchange, MAC, and host key algorithms. An attacker can compromise the confidentiality and integrity o...

6.3CVSS5.6AI score
Exploits0References3
Snyk
Snyk
added 2026/04/22 8:37 p.m.6 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to insecure default SSH server configuration, which advertises weak or deprecated key exchange, MAC, and host key algorithms. An attacker can compromise the confidentiality and integrity o...

6.3CVSS5.6AI score
Exploits0References3
EUVD
EUVD
added 2026/04/21 9:31 p.m.6 views

EUVD-2026-24505

HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allowfrom = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...

8.3CVSS5.9AI score0.00341EPSS
Exploits1References5
NVD
NVD
added 2026/04/21 9:16 p.m.5 views

CVE-2026-6823

HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allowfrom = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...

8.3CVSS0.00341EPSS
Exploits1References4
Rows per page
Query Builder