CWE-1188

Initialization of a Resource with an Insecure Default

Parent: CWE-1419 - Incorrect Initialization of Resource

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

288 vulnerabilities with CWE-1188 (the 25 listed on this page, with severity and CVSS base score where given):

CVE-2026-9262 (MEDIUM, CVSS 6.5): Canon Inc. Eos Network Setting Tool For Windows - Initialization of a Resource with an Insecure Default
CVE-2026-54359 (HIGH): MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default
CVE-2026-44892 (HIGH, CVSS 7.5): Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size
CVE-2026-40994 (HIGH, CVSS 8.2): Spring Web Services - Wss4jSecurityInterceptor Disables WS-I BSP Validation by Default
CVE-2026-46517 (HIGH, CVSS 7.8): LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
CVE-2026-36616 (MEDIUM, CVSS 5.9): Mercusys AC12G (EU) V1 AC12G(EU)_V1_200909 - Hardcoded WiFi Driver Credentials Exposure
CVE-2026-36612 (MEDIUM, CVSS 6.4): Mercusys AC12G (EU) V1 Firmware AC12G(EU)_V1_200909 - Weak WPS Lockout Policy
CVE-2026-44825 (HIGH, CVSS 8.1): Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
CVE-2026-9039 (HIGH): Initialization of a resource with an insecure default in XCharge C6
CVE-2026-35672 (HIGH, CVSS 7.5): phpMyFAQ - Authentication Bypass via Empty API Token
CVE-2026-24197 (MEDIUM, CVSS 6.5): Nvidia GeForce - Initialization of a Resource with an Insecure Default
CVE-2026-46430 (MEDIUM, CVSS 4.3): Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
CVE-2026-45728 (HIGH, CVSS 7.5): Algernon: Single-file mode unconditionally enables debug mode
CVE-2026-44670 (CRITICAL): SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan
CVE-2026-44588 (CRITICAL): SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS
CVE-2026-33376 (HIGH, CVSS 7.4): Grafana OSS Insecure Default IPv6 Allow-List Mask in Auth Proxy
CVE-2026-43892 (HIGH, CVSS 8.8): AntSword: Incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection
CVE-2026-30805 (CRITICAL, CVSS 9.1): Insecure Default Initialization in API Authentication leads to Authentication Bypass
CVE-2026-6866 (HIGH): Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server
CVE-2026-27662 (HIGH, CVSS 7.7): Siemens Simatic Hmi MTP1000 Unified Comfort Panel - Initialization of a Resource with an Insecure Default
CVE-2026-41432 (HIGH, CVSS 7.1): New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud
CVE-2026-44338 (HIGH, CVSS 7.3): PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
CVE-2026-44109 (CRITICAL, CVSS 9.8): OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation
CVE-2026-43581 (CRITICAL, CVSS 9.6): OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding
CVE-2026-41931 (MEDIUM, CVSS 5.3): Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler