32 matches found
EUVD-2026-38089
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...
CVE-2026-30805
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...
Insecure Default Initialization of Resource
Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to DNS rebinding protection being disabled by default in HTTP-based servers using StreamableHTTPHandler or SSEHandler. An attacker can access internal resources or invoke tools exposed by...
CVE-2026-24148
Affected product: NVIDIA Jetson platforms running JetPack/JETSON Linux. The vulnerability resides in the system initialization logic, allowing an unprivileged attacker to initialize a resource with an insecure default. Consequences stated include information disclosure of encrypted data, data tam...
PT-2026-29291
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data...
CVE-2026-2617
CVE-2026-2617 affects Beetel 777VR1 up to version 01.00.09, with a vulnerability in the Telnet Service/SSH Service causing insecure default initialization of a resource. Impact details in the connected sources indicate the issue is exploitable from the local network, and exploitation has been pub...
GHSA-794X-8X6X-QPFC Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
The vulnerability of the mbedtls_ssl_set_hostname function in Mbed TLS software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the mbedtlssslsethostname function in Mbed TLS software is related to insecure resource initialization. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of software products for conducting Zoom Workplace video conferences on the Windows operating system, related to insecure resource initialization, allows a perpetrator to influence the integrity of protected information.
The vulnerability of software products for conducting Zoom Workplace video conferences on the Windows operating system is related to an insecure initialization of resources. Exploiting this vulnerability could allow an attacker to influence the integrity of protected information...
Arbitrary Command Injection
Overview @cdklabs/cdk-proserve-lib is an AWS CDK library containing constructs, aspects, and patterns. Affected versions of this package are vulnerable to Arbitrary Command Injection due to forgetting to export the new Aspect. An attacker can compromise insecure resource policy settings,...
Schneider Electric Trio Q Licensed Data Radio 安全漏洞
The Schneider Electric Trio Q Licensed Data Radio is a radio from Schneider Electric France. The Schneider Electric Trio Q Licensed Data Radio suffers from an information disclosure vulnerability that stems from an insecure initialization of resources, which can be exploited by an attacker to...
Schneider Electric Trio Q Licensed Data Radio 安全漏洞
Schneider Electric Trio Q Licensed Data Radio is a radio from Schneider Electric France. A security vulnerability exists in Schneider Electric Trio Q Licensed Data Radio versions prior to v2.7.2, which stems from an insecure resource initialization that could lead to unauthorized access...
Pexip Infinity 安全漏洞
Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from the Norwegian company Pexip. The product provides high quality and secure cloud conferencing capabilities. A security vulnerability exists in Pexip Infinity versions prio...
CVE-2025-2129
Mage AI 0.9.75 is associated with an insecure default initialization of a resource (insecure default authentication setup) that could enable a remote attack. Documents describe a network-vector, high attack complexity, and partial confidentiality/integrity/availability impact. The exploitability ...
Mage AI 安全漏洞
Mage AI is a Mage open source intelligent program for building, running and managing data pipelines. A security vulnerability exists in Mage AI version 0.9.75 that stems from insecure resource initialization...
CVE-2025-0289
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service. Recent assessments: Assessed...
The vulnerability of the component set in the full stack for rapid development of the Filament PHP framework Laravel, related to insecure resource initialization, allows attackers to exploit it to disclose sensitive information.
The vulnerability of the component set of the full stack for the accelerated development of the Filament PHP framework Laravel is related to an insecure initialization of a resource, allowing a malicious actor to exploit this to disclose sensitive information...
The vulnerability of the microprogrammed software in modular controller devices for AC charging stations and wall-mounted charging devices from Phoenix Contact, CHARX SEC-3000, arises from insecure resource initialization. This allows a hacker to bypass the password protection of arbitrary users.
The vulnerability of the microprogrammed software in modular control devices for AC charging stations and wall-mounted charging devices from Phoenix Contact’s CHARX SEC-3000 is related to an unsafe initialization of resources. Exploiting this vulnerability could allow a malicious actor to reset t...
The vulnerability of the Telnet service of the microprogramming software for routers such as FutureNet NXR, FutureNet VXR, and FutureNet WXR allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Telnet service provided by the microprogramming software for FutureNet NXR, FutureNet VXR, and FutureNet WXR is related to insecure resource initialization. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the confidentiality,...