Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1188

CWE-1188

Initialization of a Resource with an Insecure Default

Parent: CWE-1419 - Incorrect Initialization of Resource

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

288 vulnerabilities with CWE-1188

CVE-2025-59097 CRITICAL

dormakaba Access Manager 92xx-k5 and 92xx-k7 - Unauthenticated Configuration Manipulation via SOAP Request

CVE-2025-59090 CRITICAL

Kaba exos 9300 < 4.4.0 - Unauthenticated Information Disclosure via SOAP API

CVE-2025-62877 CRITICAL

SUSE Virtualization (Harvester) <1.5.x,1.6.x - Info Disclosure

CVE-2025-5591 MEDIUM

Kentico Xperience 13.0.0-13.0.166 - Stored Cross-Site Scripting via Form Component

CVE-2025-56332 CRITICAL

pangolin < 1.7.0 - Authentication Bypass via Insecure Default Configuration

CVE-2025-14758 MEDIUM

YAOOK 0.20240809.0-0.20251211.0 - Unprotected Database Replication Exposure via MariaDB Misconfiguration

CVE-2025-66482 MEDIUM

Misskey 13.1.0-2025.11.1 - IP Rate Limit Bypass via X-Forwarded-For Header

CVE-2025-64781 MEDIUM

GroupSession <5.7.1 - Open Redirect

CVE-2025-48629 HIGH

VoiceInteractionManagerService - Privilege Escalation

CVE-2025-48621 HIGH

Android - Insecure Default Tapjacking Protection in DefaultTransitionHandler

CVE-2025-66416 HIGH

MCP Python SDK < 1.23.0 - DNS Rebinding Local Server Tool Invocation

CVE-2025-66414 HIGH

MCP TypeScript SDK < 1.24.0 - DNS Rebinding Local Server Tool Invocation

CVE-2025-52622 MEDIUM

HCL BigFix SaaS Remediate - Insecure Default Security Headers

CVE-2025-13357 HIGH

HashiCorp Vault Terraform Provider < 5.5.0 - Insecure Default LDAP Authentication Configuration

CVE-2025-35021 MEDIUM

Abilis CPX Firmware < 9.0.7 - Unauthenticated Authentication Bypass via SSH

CVE-2025-64135 MEDIUM

Jenkins Eggplant Runner Plugin <0.0.1.301.v963cffe8ddb_8 - Info Dis...

CVE-2025-62802 MEDIUM

DNN <10.1.1 - Info Disclosure

CVE-2025-61481 CRITICAL

MikroTik RouterOS <7.14.2 & SwOS <2.18 - XSS

CVE-2025-41245 MEDIUM

VMware Aria Operations - Info Disclosure

CVE-2025-57295 HIGH

H3C Magic NX15 Firmware NX15V100R015 - Unauthenticated Unauthorized Access via Default Credentials

CVE-2025-43797 MEDIUM

Liferay Portal/DXP - Info Disclosure

CVE-2025-41713 MEDIUM

WAGO Controllers and TP600 Panels - Boot-Time Unauthorized Network Access

CVE-2025-36222 HIGH

IBM Fusion <2.10.1 - Info Disclosure

CVE-2025-59044 MEDIUM

Himmelblau 0.9.0-0.9.22 - Insecure Default Group-to-GID Mapping via Entra ID Display Name

CVE-2025-32330 MEDIUM

Android - Insecure Default Auracast Stream Encryption in LocalBluetoothLeBroadcast

Previous Page 3 of 12 Next

Details

Vulnerabilities 288

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy