
566 matches found

Cvelist
added 2025/04/18 5:55 a.m., 25 views

CVE-2025-1863 Insecure default settings for recorder products

Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related ...

CVSS 9.8, EPSS 0.00648, Exploits 0, References 1

Snyk
added 2025/04/15 2:17 p.m., 2 views

Insecure Default Value for Authentication Variable

Overview Affected versions of this package are vulnerable to Insecure Default Value for Authentication Variable in the GetJwtSecret function in user.go. In the default configuration, the JWT secret value is predictable based on config values such as app.name. An attacker can bypass authentication...

CVSS 9.8, AI score 7.1, EPSS 0.00721, Exploits 0, References 4

RedhatCVE
added 2025/04/11 10:46 a.m., 19 views

CVE-2025-2442

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentiality, integrity and availability when a malicious user, having physical access, sets the radio to the factory default...

CVSS 6.8, AI score 6.6, EPSS 0.00204, Exploits 0, References 1

RedhatCVE
added 2025/04/11 10:45 a.m., 22 views

CVE-2025-2441

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data...

CVSS 4.6, AI score 6.6, EPSS 0.00184, Exploits 0, References 1

Snyk
added 2025/04/09 1:53 p.m., 3 views

Insecure Default Initialization of Resource

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the default newsletter opt-in settings. An attacker can abuse the system for mass unsolicited newsletter sign-ups without requiring...

CVSS 6.9, AI score 7, EPSS 0.00247, Exploits 0, References 2

Vulnrichment
added 2025/04/09 10:23 a.m., 7 views

CVE-2025-2441

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data...

CVSS 4.6, AI score 6.5, EPSS 0.00184, Exploits 0, References 1

Cvelist
added 2025/04/09 10:23 a.m., 29 views

CVE-2025-2441

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data...

CVSS 4.6, EPSS 0.00184, Exploits 0, References 1

NVD
added 2025/04/08 5:15 p.m., 14 views

CVE-2025-27443

Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access...

CVSS 5.5, EPSS 0.00135, Exploits 0, References 1

OSV
added 2025/04/08 11:15 a.m., 3 views

CVE-2025-29985

Dell Common Event Enabler, versions CEE 9.0.0.0, contains an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent CAVA. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

CVSS 6.5, AI score 5.8, EPSS 0.00224, Exploits 0, References 1

NVD
added 2025/04/08 11:15 a.m., 31 views

CVE-2025-29985

Dell Common Event Enabler, versions CEE 9.0.0.0, contains an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent CAVA. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

CVSS 6.5, EPSS 0.00224, Exploits 0, References 1

CVE
added 2025/04/08 10:44 a.m., 63 views

CVE-2025-29985

Dell Common Event Enabler (CEE) 9.0.0.0 contains an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated, remote attacker could potentially exploit by abusing insecure default resource initialization to gain unauthorized acc...

CVSS 6.5, AI score 7.2, EPSS 0.00224, Exploits 0, References 1, Affected Software 1

Cvelist
added 2025/04/08 10:44 a.m., 30 views

CVE-2025-29985

Dell Common Event Enabler, versions CEE 9.0.0.0, contains an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent CAVA. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

CVSS 6.5, EPSS 0.00224, Exploits 0, References 1

CNNVD
added 2025/04/08 12:0 a.m., 2 views

Dell Common Event Enabler security vulnerability

Dell Common Event Enabler is a framework from Dell USA. An unauthorized access vulnerability exists in Dell Common Event Enabler, which arises from the use of insecure default values when initializing resources, and can be exploited by an attacker to cause unauthorized access...

CVSS 6.5, AI score 6.7, EPSS 0.00224, Exploits 0, References 2

Cvelist
added 2025/03/12 3:33 p.m., 21 views

CVE-2025-1960

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interfa...

CVSS 9.8, EPSS 0.00497, Exploits 0, References 1

OSV
added 2025/03/11 8:15 a.m., 3 views

CVE-2024-58102

An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions...

CVSS 6.5, AI score 5.8, EPSS 0.00319, Exploits 0, References 3

Positive Technologies
added 2025/03/09 12:0 a.m., 5 views

PT-2025-10456

Name of the Vulnerable Software and Affected Versions: Mage AI version 0.9.75 Description: A vulnerability was found in Mage AI, which has been classified as problematic. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The...

CVSS 6.3, AI score 4.7, EPSS 0.01045, Exploits 1, References 9

RedhatCVE
added 2025/02/13 7:30 p.m., 7 views

CVE-2023-48418

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 10, AI score 7, EPSS 0.0022, Exploits 2, References 4

RedhatCVE
added 2025/02/06 12:6 a.m., 11 views

CVE-2022-47197

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

CVSS 9, AI score 6, EPSS 0.01024, Exploits 1

CNNVD
added 2025/02/04 12:0 a.m., 3 views

Zyxel VMG4325-B10A authorization issue vulnerability

The Zyxel VMG4325-B10A is a modem from China Heqin Zyxel. An authorization issue vulnerability exists in Zyxel VMG4325-B10A version 1.00AAFR.4C020170615, which stems from insecure default credentials...

CVSS 9.8, AI score 9, EPSS 0.12826, Exploits 0, References 1

OSV
added 2025/01/28 3:1 p.m., 5 views

GO-2025-3410 Insecure default config access in WriteFreely in github.com/writefreely/writefreely

Insecure default config access in WriteFreely in github.com/writefreely/writefreely...

CVSS 8.4, AI score 8.3, EPSS 0.00203, Exploits 0, References 5