CWE-1188

Initialization of a Resource with an Insecure Default

Parent: CWE-1419 - Incorrect Initialization of Resource

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

247 vulnerabilities with CWE-1188
CVE-2018-25193 (HIGH, CVSS 7.5): Mongoose Web Server 6.9 - DoS
CVE-2018-25169 (HIGH, CVSS 7.5): AMPPS 2.7 - DoS
CVE-2026-26122 (MEDIUM, CVSS 6.5): Microsoft ACI Confidential Containers - Info Disclosure
CVE-2026-28775: IDC SFX Series - RCE
CVE-2025-70998 (CRITICAL, CVSS 9.8): UTT HiPER 810 v1.5.0-140603 - Auth Bypass
CVE-2026-2617 (MEDIUM, CVSS 6.3): Beetel 777VR1 <=01.00.09 - Insecure Default
CVE-2026-25894 (CRITICAL, CVSS 9.8): FUXA <1.2.9 - RCE
CVE-2026-1675 (MEDIUM, CVSS 5.3): WordPress Advanced Country Blocker <2.3.1 - Auth Bypass
CVE-2026-25499 (HIGH, CVSS 7.5): BPG Terraform Provider < 0.93.1 - Path Traversal
CVE-2025-69970 (CRITICAL, CVSS 9.3): FUXA v1.2.7 - Info Disclosure
CVE-2025-59097: exos 9300 - Info Disclosure
CVE-2025-59090: exos 9300 - Info Disclosure
CVE-2025-62877 (CRITICAL, CVSS 9.8): SUSE Virtualization (Harvester) <1.5.x,1.6.x - Info Disclosure
CVE-2025-5591 (MEDIUM, CVSS 5.4): Kentico Xperience 13 - XSS
CVE-2025-56332 (CRITICAL, CVSS 9.1): Pangolin < 1.7.0 - Authentication Bypass
CVE-2025-14758 (MEDIUM, CVSS 6.5): YAOOK Operator - Info Disclosure
CVE-2025-66482 (MEDIUM, CVSS 6.5): Misskey <2025.12.0-alpha.2 - SSRF
CVE-2025-64781 (MEDIUM, CVSS 4.7): GroupSession <5.7.1 - Open Redirect
CVE-2025-48629 (HIGH, CVSS 7.8): VoiceInteractionManagerService - Privilege Escalation
CVE-2025-48621 (HIGH, CVSS 7.3): Java - Privilege Escalation
CVE-2025-66416: MCP Python SDK <1.23.0 - SSRF
CVE-2025-66414: MCP TypeScript SDK <1.24.0 - SSRF
CVE-2025-52622 (MEDIUM, CVSS 5.4): BigFix SaaS - XSS
CVE-2025-13357 (HIGH, CVSS 7.4): Hashicorp Terraform Provider < 5.5.0 - Authentication Bypass
CVE-2025-35021 (MEDIUM, CVSS 6.5): Abilis CPX - Privilege Escalation