Lucene search
K

567 matches found

Snyk
Snyk
added 2026/02/11 7:49 p.m.5 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the registerHTTPServer function. An attacker can gain full access to sensitive configuration data, manipulate or delete collections, manage user credentials, shut down services, and write...

9.8CVSS5.8AI score0.27661EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.6 views

CVE-2026-25894

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is...

9.8CVSS6.2AI score0.00759EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 11:16 p.m.9 views

CVE-2026-25894

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is...

9.8CVSS0.00759EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/09 10:28 p.m.26 views

CVE-2026-25894 FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is...

9.5CVSS0.00759EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/09 10:28 p.m.4 views

CVE-2026-25894

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is...

9.5CVSS6.2AI score0.00759EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/02/05 12:36 a.m.6 views

Insecure Default Initialization of Resource

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the use of a hardcoded JWT secret in the default configuration. An attacker can gain administrative access...

9.8CVSS6AI score0.00759EPSS
Exploits0References3
OSV
OSV
added 2026/02/05 12:36 a.m.5 views

GHSA-32CC-X95P-FXCG FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration

Description An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This...

9.5CVSS6.3AI score0.00759EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.8 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

9.3CVSS5.5AI score0.00463EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:30 p.m.4 views

GHSA-R5M2-FQCF-QRF7 FUXA contains an insecure default configuration vulnerability

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

9.3CVSS5.5AI score0.00463EPSS
Exploits0References3
OSV
OSV
added 2026/02/03 6:16 p.m.5 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

9.3CVSS5.6AI score
Exploits0References1
EUVD
EUVD
added 2026/02/03 12:0 a.m.7 views

EUVD-2025-206711

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

5.5AI score0.00463EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.5 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

5.5AI score0.00463EPSS
Exploits0References2
CVE
CVE
added 2026/02/03 12:0 a.m.27 views

CVE-2025-69970

CVE-2025-69970 affects FUXA v1.2.7, where an insecure default configuration exists in server/settings.default.js: the secureEnabled flag is commented out, causing authentication to be disabled on startup. This enables unauthenticated remote access to sensitive API endpoints, with capabilities to ...

9.3CVSS5.5AI score0.00463EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6471

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

9.3CVSS5.6AI score0.00463EPSS
Exploits0References4
OSV
OSV
added 2026/02/02 10:26 p.m.6 views

CVE-2026-25060 OpenList Insecure TLS Default Configuration

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig function in internal/conf/config.go. This vulnerability enables...

8.1CVSS5.4AI score0.00239EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/02 8:12 p.m.8 views

OpenList has Insecure TLS Default Configuration

Summary The application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This enables the complete decryption, theft, and manipulation of all data transmitted during storage operations,...

8.1CVSS5.6AI score0.00239EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/02 6:30 a.m.6 views

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.3AI score0.00274EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/02/02 5:47 a.m.30 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS0.00274EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/26 10:4 a.m.28 views

CVE-2025-59097 Unauthenticated SOAP API in dormakaba access manager

The exos 9300 application can be used to configure Access Managers e.g. 92xx, 9230 and 9290. The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via...

9.3CVSS0.00523EPSS
Exploits0References3
CVE
CVE
added 2026/01/26 10:4 a.m.17 views

CVE-2025-59097

The CVE-2025-59097 issue affects the dormakaba exos 9300 configuration GUI used to push configurations to Access Managers (e.g., 92xx, 9230, 9290). When the user saves a configuration, the SOAP payload is sent to the selected Access Manager without authentication or authorization by default. Whil...

9.3CVSS5.9AI score0.00523EPSS
Exploits0References3
Rows per page
Query Builder