CWE-1188 · Initialization of a Resource with an Insecure Default
299 CVEs classified under CWE-1188 (Initialization of a Resource with an Insecure Default). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-41679 | Critical | 10.0 | 2026-04-23 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker ca… |
| CVE-2026-31957 | Critical | 10.0 | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured ten… |
| CVE-2025-61481 | Critical | 10.0 | 2025-10-27 | An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to… |
| CVE-2025-41672 | Critical | 10.0 | 2025-07-07 | A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. |
| CVE-2024-0001 | Critical | 10.0 | 2024-09-23 | A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor… |
| CVE-2024-2912 | Critical | 10.0 | 2024-04-16 | An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By… |
| CVE-2021-34795 | Critical | 10.0 | 2021-11-04 | Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ON… |
| CVE-2017-7964 | Critical | 10.0 | 2017-04-19 | Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacki… |
| CVE-2026-46386 | Critical | 9.9 | 2026-06-26 | OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERW… |
| CVE-2026-55454 | Critical | 9.9 | 2026-06-24 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authenti… |
| CVE-2026-54158 | Critical | 9.9 | 2026-06-24 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell con… |
| CVE-2026-54067 | Critical | 9.9 | 2026-06-24 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing </style> breaks out of its surrounding <style> tag w… |
| CVE-2026-44109 | Critical | 9.8 | 2026-05-06 | OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to… |
| CVE-2026-39920 | Critical | 9.8 | 2026-04-24 | BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default… |
| CVE-2026-28205 | Critical | 9.8 | 2026-04-09 | OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system b… |
| CVE-2026-28775 | Critical | 9.8 | 2026-03-04 | An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex Sat… |
| CVE-2025-70998 | Critical | 9.8 | 2026-02-18 | UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote… |
| CVE-2026-25894 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker… |
| CVE-2025-62877 | Critical | 9.8 | 2026-01-08 | Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive i… |
| CVE-2025-54127 | Critical | 9.8 | 2025-07-21 | HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses… |