Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1188

CWE-1188

Initialization of a Resource with an Insecure Default

Parent: CWE-1419 - Incorrect Initialization of Resource

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

261 vulnerabilities with CWE-1188

CVE-2026-39920 CRITICAL

BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE

CVE-2026-6043 HIGH

Insecure Default Configuration in P4 Server

CVE-2026-41679 CRITICAL

Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

CVE-2026-32965 HIGH

SD-330AC Ver.1.42 - Insecure Default

CVE-2026-28205 CRITICAL

Initialization of a resource with an insecure default in OpenPLC_V3

CVE-2026-34780 HIGH

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

CVE-2026-31818 CRITICAL

Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist

CVE-2026-34742 HIGH

Model Context Protocol Go SDK: DNS Rebinding Protection Disabled by Default for Servers Running on Localhost

CVE-2026-24148 HIGH

Nvidia Jetson Xavier Series And Jetson Orin Series - Denial of Service

CVE-2026-32046 MEDIUM

OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag

CVE-2026-32305 MEDIUM

Traefik mTLS bypass via fragmented ClientHello SNI extraction failure

CVE-2026-33072 HIGH

FileRise: Default Encryption Key Enables Token Forgery and Config Decryption

CVE-2026-33037 HIGH

WWBN AVideo has predictable default admin credentials in official Docker deployment path

CVE-2026-32617 HIGH

AnythingLLM <=1.11.1 - Auth Bypass

CVE-2026-31957 CRITICAL

Himmelblau 3.0.0-3.1.0 - Auth Bypass

CVE-2026-26122 MEDIUM

Microsoft ACI Confidential Containers - Info Disclosure

CVE-2026-28775 CRITICAL

IDC SFX Series - RCE

CVE-2026-2617 MEDIUM

Beetel 777VR1 <=01.00.09 - Insecure Default

CVE-2026-25894 CRITICAL

FUXA <1.2.9 - RCE

CVE-2026-1675 MEDIUM

WordPress Advanced Country Blocker <2.3.1 - Auth Bypass

CVE-2026-25499 HIGH

BPG Terraform Provider < 0.93.1 - Path Traversal

CVE-2025-70998 CRITICAL

UTT HiPER 810 v1.5.0-140603 - Auth Bypass

CVE-2025-69970 CRITICAL

FUXA v1.2.7 - Info Disclosure

CVE-2025-59097 CRITICAL

exos 9300 - Info Disclosure

CVE-2025-59090 CRITICAL

exos 9300 - Info Disclosure

Page 1 of 11 Next

Details

Vulnerabilities 261

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy