
222 matches found

CVE
added 3 days ago | 10 views

CVE-2026-0082

CVE-2026-0082 affects the Android framework: in NfcDispatcher.java’s tryStartActivity there is an insecure default value that can automatically assign a special app access permission. This leads to local elevation of privilege with no extra execution privileges required and no user interaction ne...

10 CVSS | 5.6 AI score | 0.00165 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/06/11 9:41 a.m. | 25 views

CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3 CVSS | 0.00207 EPSS
Exploits 0 | References 1
Snyk
added 2026/06/10 12:00 a.m. | 5 views

Insecure Defaults

Overview: Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcement(true) and disables WSS4J's...

8.8 CVSS | 5.4 AI score | 0.00339 EPSS
Exploits 0 | References 2
Microsoft CVE
added 2026/06/09 2:00 p.m. | 4 views

Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

6.5 CVSS | 5.8 AI score
Exploits 0
RedhatCVE
added 2026/06/05 7:21 p.m. | 6 views

CVE-2026-41039

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...

8.7 CVSS | 5.5 AI score | 0.00261 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/06/05 7:17 p.m. | 7 views

CVE-2026-6866

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

8.2 CVSS | 5.5 AI score | 0.00308 EPSS
Exploits 0 | References 1
Snyk
added 2026/06/01 10:29 a.m. | 5 views

Insecure Default Initialization of Resource

Overview: org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the Basic Authentication setup bin/solr auth enable tool. An attacker can gain full...

9.8 CVSS | 7.7 AI score | 0.00812 EPSS
Exploits 0 | References 3
RedhatCVE
added 2026/05/30 8:13 a.m. | 16 views

CVE-2026-45374

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_approve defaults to true (taskmanager.rs:297: auto_approve:...

9.6 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/05/28 7:30 p.m. | 14 views

CVE-2026-33590

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

9.4 CVSS | 5.9 AI score | 0.00412 EPSS
Exploits 0 | References 4
CVE
added 2026/05/28 5:26 p.m. | 17 views

CVE-2026-45374

CVE-2026-45374 affects CodeWhale’s DeepSeek+MiMo task_create flow. Before version 0.8.26, sub-agents inherit two insecure defaults: allow_shell = true and auto_approve = true, enabling unrestricted, unapproved shell access after user approval of a task_create prompt. This can lead to remote comma...

9.6 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits 0 | References 2
EUVD
added 2026/05/28 5:26 p.m. | 6 views

EUVD-2026-32962

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_approve defaults to true (taskmanager.rs:297: auto_approve:...

9.6 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/05/28 5:26 p.m. | 7 views

CVE-2026-45374 CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_approve defaults to true (taskmanager.rs:297: auto_approve:...

9.6 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits 0 | References 2
Cvelist
added 2026/05/28 5:26 p.m. | 28 views

CVE-2026-45374 CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)) and auto_approve defaults to true (taskmanager.rs:297: auto_approve:...

9.6 CVSS | 0.0026 EPSS
Exploits 0 | References 2
CNNVD
added 2026/05/28 12:00 a.m. | 7 views

Portainer Security Vulnerability

Portainer is a lightweight, open-source user management interface developed by Portainer for managing Docker environments and Docker hosts. There is a security vulnerability in Portainer. This vulnerability stems from insecure default settings that grant regular users access to the host’s file...

9.4 CVSS | 5.9 AI score | 0.00412 EPSS
Exploits 0 | References 4
Github Security Blog
added 2026/05/14 8:29 p.m. | 8 views

DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

Summary: The task_create tool spawns durable sub-agents that inherit two insecure defaults: allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)); auto_approve defaults to true (taskmanager.rs:297: auto_approve: Some(true)). When a user approves a task_create call which requires...

9.6 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits 0 | References 5 | Affected Software 1
OSV
added 2026/05/14 8:29 p.m. | 3 views

GHSA-72W5-PF8H-XFP4 DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

Summary: The task_create tool spawns durable sub-agents that inherit two insecure defaults: allow_shell defaults to true (config.rs:1499: self.allow_shell.unwrap_or(true)); auto_approve defaults to true (taskmanager.rs:297: auto_approve: Some(true)). When a user approves a task_create call which requires...

9.6 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits 0 | References 5
Positive Technologies
added 2026/05/14 12:00 a.m. | 10 views

PT-2026-41186

Name of the Vulnerable Software and Affected Versions: CodeWhale versions prior to 0.8.26. Description: The task create tool spawns durable sub-agents that inherit insecure default settings. Specifically, the allow shell variable defaults to true and the auto approve variable defaults to true. When ...

9.6 CVSS | 5.9 AI score | 0.0026 EPSS
Exploits 0 | References 10
CNNVD
added 2026/05/12 12:00 a.m. | 5 views

Schneider Electric EcoStruxure Panel Server Security Vulnerability

Schneider Electric EcoStruxure Panel Server is an IoT gateway developed by Schneider Electric of France, used for data collection and uploading. Schneider Electric EcoStruxure Panel Server has a security vulnerability that stems from the use of insecure default values during resource...

8.2 CVSS | 5.8 AI score | 0.00308 EPSS
Exploits 0 | References 1
CNNVD
added 2026/05/12 12:00 a.m. | 5 views

Pandora FMS Security Vulnerability

Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. There are security vulnerabilities in versions 777 to 800 of Pandora FMS. These vulnerabilities stem from...

9.1 CVSS | 5.8 AI score | 0.00341 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/05/04 6:41 p.m. | 4 views

CVE-2026-41686 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...

4.8 CVSS | 5.7 AI score | 0.00088 EPSS
Exploits 0 | References 1