CVE-2022-48342
5.2MEDIUM
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
2/23/2023CWE-1188, CWE-1188
Tipo de Debilidad
CWE-1188
Todas las vulnerabilidades CVE clasificadas bajo este tipo de debilidad.
Ver en MITRE CWETotal CVEs
50
Críticos
15
En KEV
0
Con Exploits
0
CVE-2025-2442
6.8MEDIUM
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentially, integrity and
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to unauthorized access which could result in the loss of confidentially, integrity and ...
4/9/2025CWE-1188
CVE-2025-2441
4.6MEDIUM
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory...
4/9/2025CWE-1188
CVE-2025-43015
8.3HIGH
In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces
In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces
4/17/2025CWE-1188, CWE-1188
CVE-2022-48432
5.2MEDIUM
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
3/29/2023CWE-1188, CWE-1188
CVE-2025-1960
9.8CRITICAL
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not...
3/12/2025CWE-1188
CVE-2024-0001
10.0CRITICAL
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
9/23/2024CWE-1188, CWE-1188
CVE-2023-45312
8.8HIGH
In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve r
In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve r...
10/10/2023CWE-1188, CWE-1188
CVE-2021-33130
4.6MEDIUM
Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical
Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical ...
5/12/2022CWE-1188, CWE-1188
CVE-2019-7668
9.8CRITICAL
Prima Systems FlexAir devices have Default Credentials.
Prima Systems FlexAir devices have Default Credentials.
7/1/2019CWE-1188
CVE-2022-1278
7.5HIGH
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
9/13/2022CWE-1188, CWE-1188
CVE-2022-3262
8.1HIGH
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with ...
12/8/2022CWE-453, CWE-1188 +1
CVE-2025-48621
7.3HIGH
In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege with no additional execution privile
In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege with no additional execution privile...
12/8/2025CWE-1188, CWE-1188
CVE-2024-34734
7.8HIGH
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local e
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local e...
8/15/2024CWE-1188, CWE-1188
CVE-2022-24706
9.8CRITICAL
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommen
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommen...
4/26/2022CWE-1188, CWE-1188
CVE-2010-2247
7.5HIGH
makepasswd 1.10 default settings generate insecure passwords
makepasswd 1.10 default settings generate insecure passwords
11/6/2019CWE-1188
CVE-2025-48629
7.8HIGH
In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation
In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation...
12/8/2025CWE-1188, CWE-1188
CVE-2022-20466
5.5MEDIUM
In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to
In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to ...
12/13/2022CWE-1188, CWE-1188
CVE-2021-3586
9.8CRITICAL
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from an
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from an...
8/22/2022CWE-1188, CWE-1188
CVE-2022-48493
7.5HIGH
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
6/19/2023CWE-1188
CVE-2022-48492
7.5HIGH
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
6/19/2023CWE-1188
CVE-2023-5368
6.5MEDIUM
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather...
10/4/2023CWE-1188, CWE-1188
CVE-2023-33949
5.3MEDIUM
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts us
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts us...
5/24/2023CWE-1188, CWE-1188
CVE-2022-32480
4.3MEDIUM
Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated atta
Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated atta...
8/22/2022CWE-1188, CWE-1188
CVE-2019-7252
9.8CRITICAL
Linear eMerge E3-Series devices have Default Credentials.
Linear eMerge E3-Series devices have Default Credentials.
7/2/2019CWE-1188
CVE-2019-19340
8.2HIGH
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ managem
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ managem...
12/19/2019CWE-1188, CWE-1188
CVE-2020-26930
3.3LOW
NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings.
NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings.
10/9/2020CWE-1188
CVE-2018-17497
8.4HIGH
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
3/21/2019CWE-1188
CVE-2025-47945
9.1CRITICAL
Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. Whil
Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. Whil...
5/17/2025CWE-453, CWE-1188 +1
CVE-2025-56332
9.1CRITICAL
Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration
Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration
12/30/2025CWE-1188
CVE-2018-17485
8.4HIGH
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
3/21/2019CWE-1188
CVE-2019-3909
9.8CRITICAL
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
1/18/2019CWE-1188
CVE-2022-2196
5.8MEDIUM
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB...
1/9/2023CWE-1188, CWE-1188
CVE-2025-41672
10.0CRITICAL
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.
7/7/2025CWE-1188
CVE-2020-12732
6.5MEDIUM
DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678.
DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678.
7/15/2021CWE-1188
CVE-2025-53602
5.3MEDIUM
Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927.
Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927.
7/4/2025CWE-1188
CVE-2022-42467
5.3MEDIUM
When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is sa
When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is sa...
10/19/2022CWE-1188, CWE-1188 +1
CVE-2022-4224
8.8HIGH
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
3/23/2023CWE-1188, CWE-1188
CVE-2024-48122
6.7MEDIUM
Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges.
Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges.
1/15/2025CWE-1188
CVE-2020-13927
9.8CRITICAL
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the de
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the de...
11/10/2020CWE-306, CWE-1188 +3
CVE-2024-41975
5.3MEDIUM
An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.
An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.
3/18/2025CWE-1188
CVE-2021-38759
9.8CRITICAL
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
12/7/2021CWE-1188
CVE-2019-16272
9.8CRITICAL
On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement.
On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement.
1/6/2020CWE-1188
CVE-2018-15350
9.8CRITICAL
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.
8/17/2018CWE-1188
CVE-2023-27524
8.9HIGH
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for...
4/24/2023CWE-1188, CWE-1188
CVE-2020-11915
6.8MEDIUM
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface ...
2/8/2021CWE-1188, CWE-1188
CVE-2025-14758
6.5MEDIUM
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials
Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials
12/16/2025CWE-1188
CVE-2025-41245
4.9MEDIUM
VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials
VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials ...
9/29/2025CWE-1188
CVE-2019-16102
9.8CRITICAL
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.
9/8/2019CWE-1188
CVE-2018-3667
7.8HIGH
Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.
Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.
7/10/2018CWE-1188
Mostrando 50 de many CVEs