Lucene search
K

222 matches found

Snyk
Snyk
added 2026/02/05 12:36 a.m.2 views

Insecure Default Initialization of Resource

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the use of a hardcoded JWT secret in the default configuration. An attacker can gain administrative...

9.8CVSS6.2AI score0.00759EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/28 7:33 p.m.32 views

CVE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...

5.1CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 7:33 p.m.3 views

CVE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...

5.1CVSS5.9AI score0.00162EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : NetworkManager-1.18.8-1.el7 (AXSA:2020-722:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-722:06 advisory. NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults CVE-2020-10754 Tenable has extracted the precedin...

4.3CVSS5.5AI score0.00983EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : NetworkManager-1.22.8-5.0.1.el8 (AXSA:2020-732:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-732:01 advisory. NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults CVE-2020-10754 Tenable has extracted the precedin...

4.3CVSS5.5AI score0.00983EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.4 views

CVE-2023-4324

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers...

9.8CVSS6.9AI score0.00588EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.7 views

CVE-2023-4342

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy...

9.8CVSS6.9AI score0.00588EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/01 6:33 a.m.2 views

Insecure Defaults

Overview ingenious is an An enterprise-grade Python library for quickly setting up APIs to interact with AI Agents Affected versions of this package are vulnerable to Insecure Defaults in the form of a hardcoded fallback JWT key in jwt.py, which may be used under certain circumstances if one is n...

8.3CVSS6.8AI score
Exploits0References3
CVE
CVE
added 2025/12/30 12:0 a.m.16 views

CVE-2025-56332

CVE-2025-56332 affects fosrl/pangolin,

9.1CVSS6.5AI score0.00387EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/12/16 9:30 p.m.3 views

EUVD-2025-203842

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager BoKS can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain...

6.2CVSS6.5AI score0.00085EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/16 8:1 p.m.25 views

CVE-2025-13532 Weak Password Hash in Core Privileged Access Manager (BoKS)

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager BoKS can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain...

6.2CVSS0.00085EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 8:1 p.m.11 views

CVE-2025-13532

This CVE concerns Fortra’s Core Privileged Access Manager (BoKS): BoKS Server Agent 9.0 with yescrypt support running in a BoKS 8.1 domain is affected by insecure defaults that can cause the use of weak password hash algorithms. The issue is described across multiple sources as an insecure defaul...

6.2CVSS6.7AI score0.00085EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/10 12:0 a.m.2 views

Google Android Insecure Defaults Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure defaults vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

7.8CVSS6.4AI score0.00072EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.8 views

Google Android 安全漏洞

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure defaults vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

7.8CVSS6AI score0.00072EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/02 3:30 p.m.5 views

EUVD-2025-200255

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader...

6.6AI score0.00276EPSS
Exploits1References3
Snyk
Snyk
added 2025/11/21 3:31 p.m.4 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in that the denynullbind parameter in LDAP authentication is false by default if it is not set in a config. An attacker can gain unauthorized access by exploiting LDAP servers that permit...

9.8CVSS7.1AI score0.00492EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/12 4:2 p.m.7 views

CVE-2025-10918

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk...

7.1CVSS6.4AI score0.0022EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.6 views

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung cell phone applications. A security vulnerability exists in versions prior to SAMSUNG SMR Nov-2025 Release 1, which stems from the presence of an insecure default configuration for...

6.8CVSS6.1AI score0.00184EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/11/03 12:0 a.m.313 views

📄 WatchGuard Firebox Default Credentials / SSH Access

The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative access via SSH on port 4118 using the default credentials. This configuration exposes the device to remote attackers who can gain full administrative access without prior authentication. CVE-2025-5939...

7.2AI score0.00043EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2025/10/24 12:0 a.m.6 views

EulerOS 2.0 SP13 : cloud-init (EulerOS-SA-2025-2252)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization by Canonical. There is a security...

8.8CVSS5.7AI score0.00203EPSS
Exploits0References3
Rows per page
Query Builder