55 matches found
Vulnerability in the factory default configuration of the firmware for Trio Q Data Radio digital radio data transmission devices, which allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the factory default configuration of the firmware for Trio Q Data Radio digital radio data transmission devices is related to the insecure initialization of resources. Exploiting this vulnerability could allow an attacker to compromise the confidentialit...
CVE-2025-27443
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access...
Insecure Default Initialization of Resource
Overview: shopware/core is the Shopware platform core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the default newsletter opt-in settings. An attacker can abuse the system for mass unsolicited newslett...
CVE-2025-27443 Zoom Workplace Apps for Windows - Insecure Default Variable Initialization
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access...
CVE-2025-27443
CVE-2025-27443 concerns Zoom Workplace Apps for Windows, caused by insecure default variable initialization in the affected software. The vulnerability could allow an authenticated user to cause a loss of integrity via local access. Multiple connected sources consistently describe the issue in Zo...
PT-2025-15688 · Schneider Electric · Trio Q Data Radio +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A vulnerability exists due to the initialization of a resource with an insecure default, potentially leading to unauthorized access. This could result in the loss of confidentiality,...
PT-2025-15464 · Zoom · Zoom Workplace Apps
Name of the Vulnerable Software and Affected Versions: Zoom Workplace Apps for Windows affected versions not specified Description: The issue is related to insecure default variable initialization, which may allow an authenticated user to conduct a loss of integrity via local access...
Zoom Workplace Security Vulnerability
Zoom Workplace Apps for Windows is an official suite of collaboration tools from Zoom that includes core features such as team chat, whiteboards, notes, and more, and is required to be used through a Zoom Meetings account. A security vulnerability exists in Zoom Workplace Apps for Windows, which...
Apache Solr Code Issue Vulnerability
Apache Solr is a search server from the US-based Apache Foundation, built on the Lucene full-text search engine. The product supports faceted search, vertical search, search-result highlighting, and so on. A code issue vulnerability exists in Apache Solr, which stems from the presence of a...
GHSA-H7W9-C5VX-X7J3 Insecure Default Initialization of Resource vulnerability in Apache Solr
New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted"...
PT-2024-31485 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 6.6.0 through 8.11.3 Apache Solr versions 9.0.0 through 9.6.x Description: The issue arises from the insecure default initialization of resources in Apache Solr, where new ConfigSets created via a Restore command lack the...
GO-2023-1879 Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource in go.temporal.io/server
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource in go.temporal.io/server...
PT-2024-5244
Name of the Vulnerable Software and Affected Versions: FutureNet NXR series, VXR series and WXR series affected versions not specified Description: The issue is related to the insecure initialization of a resource in the Telnet service of the affected devices, allowing a remote attacker to impact...
CVE-2024-25972
CVE-2024-25972 affects Atsumi Electric Co., Ltd.’s OET-213H-BTS1. The issue is an insecure initial configuration (CWE-1188) where the product does not perform authorization checks for API requests, enabling a network-adjacent, unauthenticated attacker to configure and control the device. Document...
Apache Superset Insecure Default Initialization of Resource Vulnerability
Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions...
Insecure AES Initialization Vector
PyPinkSign is vulnerable to an Insecure Initialization Vector issue. The vulnerability is due to the use of a static initialization vector for AES encryption. This could lead to Information Disclosure...
Input validation
Improper initialization in some Intel(R) Aptio V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-40349
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...
GHSA-GM2G-2XR9-PXXJ Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...
Information Disclosure
Apache InLong is vulnerable to Information Disclosure. The vulnerability exists in multiple functions due to Insecure Default Initialization of Resources, which allows a remote attacker to access a deleted user's data after registering...