CWE-1188 · Initialization of a Resource with an Insecure Default

299 CVEs classified under CWE-1188 (Initialization of a Resource with an Insecure Default). Browse by severity and year.

Top CVEs for CWE-1188
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-41679 | Critical | 10.0 | 2026-04-23 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker ca… |
| CVE-2026-31957 | Critical | 10.0 | 2026-03-11 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured ten… |
| CVE-2025-61481 | Critical | 10.0 | 2025-10-27 | An issue in MikroTik RouterOS v.7.14.2 and SwOS v.2.18 exposes the WebFig management interface over cleartext HTTP by default, allowing an on-path attacker to… |
| CVE-2025-41672 | Critical | 10.0 | 2025-07-07 | A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices. |
| CVE-2024-0001 | Critical | 10.0 | 2024-09-23 | A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor… |
| CVE-2024-2912 | Critical | 10.0 | 2024-04-16 | An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By… |
| CVE-2021-34795 | Critical | 10.0 | 2021-11-04 | Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ON… |
| CVE-2017-7964 | Critical | 10.0 | 2017-04-19 | Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacki… |
| CVE-2026-46386 | Critical | 9.9 | 2026-06-26 | OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERW… |
| CVE-2026-55454 | Critical | 9.9 | 2026-06-24 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authenti… |
| CVE-2026-54158 | Critical | 9.9 | 2026-06-24 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell con… |
| CVE-2026-54067 | Critical | 9.9 | 2026-06-24 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing </style> breaks out of its surrounding <style> tag w… |
| CVE-2026-44109 | Critical | 9.8 | 2026-05-06 | OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to… |
| CVE-2026-39920 | Critical | 9.8 | 2026-04-24 | BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default… |
| CVE-2026-28205 | Critical | 9.8 | 2026-04-09 | OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system b… |
| CVE-2026-28775 | Critical | 9.8 | 2026-03-04 | An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex Sat… |
| CVE-2025-70998 | Critical | 9.8 | 2026-02-18 | UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote… |
| CVE-2026-25894 | Critical | 9.8 | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker… |
| CVE-2025-62877 | Critical | 9.8 | 2026-01-08 | Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive i… |
| CVE-2025-54127 | Critical | 9.8 | 2025-07-21 | HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses… |