222 matches found
Insecure Default Initialization of Resource
Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the use of a hardcoded JWT secret in the default configuration. An attacker can gain administrative...
CVE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change
Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...
CVE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change
Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...
MiracleLinux 7 : NetworkManager-1.18.8-1.el7 (AXSA:2020-722:06)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-722:06 advisory. NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults CVE-2020-10754 Tenable has extracted the precedin...
MiracleLinux 8 : NetworkManager-1.22.8-5.0.1.el8 (AXSA:2020-732:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-732:01 advisory. NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults CVE-2020-10754 Tenable has extracted the precedin...
CVE-2023-4324
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers...
CVE-2023-4342
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy...
Insecure Defaults
Overview ingenious is an An enterprise-grade Python library for quickly setting up APIs to interact with AI Agents Affected versions of this package are vulnerable to Insecure Defaults in the form of a hardcoded fallback JWT key in jwt.py, which may be used under certain circumstances if one is n...
CVE-2025-56332
CVE-2025-56332 affects fosrl/pangolin,
EUVD-2025-203842
Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager BoKS can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain...
CVE-2025-13532 Weak Password Hash in Core Privileged Access Manager (BoKS)
Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager BoKS can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain...
CVE-2025-13532
This CVE concerns Fortra’s Core Privileged Access Manager (BoKS): BoKS Server Agent 9.0 with yescrypt support running in a BoKS 8.1 domain is affected by insecure defaults that can cause the use of weak password hash algorithms. The issue is described across multiple sources as an insecure defaul...
Google Android Insecure Defaults Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure defaults vulnerability that can be exploited by an attacker to cause a local elevation of privilege...
Google Android 安全漏洞
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure defaults vulnerability that can be exploited by an attacker to cause a local elevation of privilege...
EUVD-2025-200255
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader...
Insecure Default Initialization of Resource
Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in that the denynullbind parameter in LDAP authentication is false by default if it is not set in a config. An attacker can gain unauthorized access by exploiting LDAP servers that permit...
CVE-2025-10918
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk...
SAMSUNG SMR 安全漏洞
SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung cell phone applications. A security vulnerability exists in versions prior to SAMSUNG SMR Nov-2025 Release 1, which stems from the presence of an insecure default configuration for...
📄 WatchGuard Firebox Default Credentials / SSH Access
The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative access via SSH on port 4118 using the default credentials. This configuration exposes the device to remote attackers who can gain full administrative access without prior authentication. CVE-2025-5939...
EulerOS 2.0 SP13 : cloud-init (EulerOS-SA-2025-2252)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security...