20 matches found

Snyk
added 2026/04/01 9:09 p.m., 3 views

Insecure Default Initialization of Resource

Overview: Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to DNS rebinding protection being disabled by default in HTTP-based servers using StreamableHTTPHandler or SSEHandler. An attacker can access internal resources or invoke tools exposed by...

CVSS 8.1 | AI score 5.9 | EPSS 0.00025
Exploits: 0 | References: 2

CVE
added 2026/03/31 4:22 p.m., 6 views

CVE-2026-24148

Affected product: NVIDIA Jetson platforms running JetPack/JETSON Linux. The vulnerability resides in the system initialization logic, allowing an unprivileged attacker to initialize a resource with an insecure default. Consequences stated include information disclosure of encrypted data, data tam...

CVSS 9.4 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/31 12:00 a.m., 2 views

PT-2026-29291

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data...

CVSS 8.3 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 3

CVE
added 2026/02/17 3:32 p.m., 5 views

CVE-2026-2617

CVE-2026-2617 affects Beetel 777VR1 up to version 01.00.09, with a vulnerability in the Telnet Service/SSH Service causing insecure default initialization of a resource. Impact details in the connected sources indicate the issue is exploitable from the local network, and exploitation has been pub...

CVSS 8.8 | AI score 5.2 | EPSS 0.00061
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2025/07/04 9:30 p.m., 3 views

GHSA-794X-8X6X-QPFC Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

CVSS 5.3 | AI score 9.4 | EPSS 0.0028
Exploits: 0 | References: 5

GitHub Security Blog
added 2025/07/04 9:30 p.m., 7 views

Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

CVSS 5.3 | AI score 7.1 | EPSS 0.0028
Exploits: 0 | References: 5 | Affected Software: 1

Snyk
added 2025/05/01 6:27 a.m., 2 views

Arbitrary Command Injection

Overview: @cdklabs/cdk-proserve-lib is an AWS CDK library containing constructs, aspects, and patterns. Affected versions of this package are vulnerable to Arbitrary Command Injection due to forgetting to export the new Aspect. An attacker can compromise insecure resource policy settings,...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 3

CNNVD
added 2025/04/09 12:00 a.m., 1 view

Schneider Electric Trio Q Licensed Data Radio security vulnerability

Schneider Electric Trio Q Licensed Data Radio is a radio from Schneider Electric France. A security vulnerability exists in Schneider Electric Trio Q Licensed Data Radio versions prior to v2.7.2, which stems from an insecure resource initialization that could lead to unauthorized access...

CVSS 6.8 | AI score 6.4 | EPSS 0.00168
Exploits: 0 | References: 1

CNNVD
added 2025/04/09 12:00 a.m., 1 view

Schneider Electric Trio Q Licensed Data Radio security vulnerability

The Schneider Electric Trio Q Licensed Data Radio is a radio from Schneider Electric France. The Schneider Electric Trio Q Licensed Data Radio suffers from an information disclosure vulnerability that stems from an insecure initialization of resources, which can be exploited by an attacker to...

CVSS 4.6 | AI score 5.8 | EPSS 0.00223
Exploits: 0 | References: 1

CNNVD
added 2025/04/02 12:00 a.m., 3 views

Pexip Infinity security vulnerability

Pexip Infinity is a video conferencing cloud collaboration platform from the Norwegian company Pexip. The product provides high quality and secure cloud conferencing capabilities. A security vulnerability exists in Pexip Infinity versions prio...

CVSS 9.1 | AI score 6.7 | EPSS 0.0179
Exploits: 0 | References: 2

CVE
added 2025/03/09 8:00 p.m., 78 views

CVE-2025-2129

Mage AI 0.9.75 is associated with an insecure default initialization of a resource (insecure default authentication setup) that could enable a remote attack. Documents describe a network-vector, high attack complexity, and partial confidentiality/integrity/availability impact. The exploitability ...

CVSS 6.3 | AI score 5.5 | EPSS 0.07314
Exploits: 1 | References: 4

CNNVD
added 2025/03/09 12:00 a.m., 2 views

Mage AI security vulnerability

Mage AI is an open source intelligent program from Mage for building, running and managing data pipelines. A security vulnerability exists in Mage AI version 0.9.75 that stems from insecure resource initialization...

CVSS 6.3 | AI score 6 | EPSS 0.07314
Exploits: 1 | References: 6

ATTACKERKB
added 2025/03/03 12:00 a.m., 14 views

CVE-2025-0289

Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allow an attacker to compromise the service. Recent assessments: Assessed...

CVSS 7.8 | AI score 7.6 | EPSS 0.00145
In wild | Exploits: 0 | References: 4

CNNVD
added 2023/04/17 12:00 a.m., 3 views

Juniper Networks Junos OS Evolved security vulnerability

Juniper Networks Junos OS Evolved is an updated version of Juniper Networks' Junos OS. A security vulnerability in Juniper Networks Junos OS Evolved, which arises from an insecure default resource initialization, can be exploited by an attacker to gain access to certain confidential information a...

CVSS 5.3 | AI score 5.7 | EPSS 0.00489
Exploits: 0 | References: 2

OSV
added 2022/10/31 4:15 p.m., 0 views

CVE-2022-3774

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /trainschedulerapp/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may...

CVSS 9.1 | AI score 5.5
Exploits: 0 | References: 3

NVD
added 2019/06/12 4:29 p.m., 10 views

CVE-2019-10971

The application Network Configurator for DeviceNet Safety 3.41 and prior searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories...

CVSS 7.8 | AI score 7.8 | EPSS 0.00182
Exploits: 0 | References: 1

GitHub Security Blog
added 2019/02/18 11:45 p.m., 15 views

prebuild-lwip downloads Resources over HTTP

Affected versions of prebuild-lwip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

CVSS 8.1 | AI score 7.9 | EPSS 0.00163
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2018/05/29 8:29 p.m., 6 views

CVE-2016-10674

limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy ...

CVSS 9.3 | AI score 8.3 | EPSS 0.00735
Exploits: 0 | References: 1

Node.js
added 2016/12/01 7:16 p.m., 31 views

Downloads Resources over HTTP

Overview: Affected versions of prebuild-lwip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on...

CVSS 6.8 | AI score 2.6 | EPSS 0.00163
Exploits: 0 | Affected Software: 1

Node.js
added 2016/11/30 8:53 p.m., 41 views

Downloads Resources over HTTP

Overview: Affected versions of appium-chromedriver insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read items sent over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code...

CVSS 6.8 | AI score 4.8 | EPSS 0.00765
Exploits: 0 | Affected Software: 1