Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1188

CWE-1188

Initialization of a Resource with an Insecure Default

Parent: CWE-1419 - Incorrect Initialization of Resource

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

288 vulnerabilities with CWE-1188

CVE-2025-38523 MEDIUM

Linux Kernel 6.12-6.12.35, 6.13-6.15.7 - Unauthenticated Memory Exposure via SMB Direct Response Slab

CVE-2025-7353 CRITICAL

Rockwell Automation ControlLogix - Memory Corruption

CVE-2025-54127 CRITICAL

haxcms-nodejs < 11.0.7 - Unauthenticated Access via Insecure Default Configuration

CVE-2025-44647 HIGH

TRENDnet TEW-WLC100P 2.03b03 - Info Disclosure

CVE-2025-25271 HIGH

Phoenixcontact Phoenix Contact CHARX SEC Firmware <= 1.7.3 - Insecure Default Configuration

CVE-2025-41672 CRITICAL

Default Certificates - Unauthenticated RCE

CVE-2025-53602 MEDIUM

Open Zipkin/Zipkin < 3.5.1 - Unauthenticated Heap Dump Exposure via /heapdump Endpoint

CVE-2025-24288 CRITICAL

Versa Director - Insecure Default Credentials and Exposed Services

CVE-2025-41438 CRITICAL

CS5000 Fire Panel - Privilege Escalation

CVE-2025-48927 MEDIUM KEV

TeleMessage - Insecure Default Configuration Exposing Heap Dump via Spring Boot Actuator

CVE-2025-47945 CRITICAL

donetick < 0.1.44 - Unauthenticated Account Takeover via Weak JWT Signing Secret

CVE-2025-31930 HIGH

Siemens IEC EV Chargers < V2.135 - Unauthenticated Remote Control via Modbus

CVE-2025-22248 HIGH

bitnami/pgpool & bitnami/postgres-ha - Info Disclosure

CVE-2025-46599 MEDIUM

CNCF K3s <1.32.4-rc1+k3s1 - Info Disclosure

CVE-2025-1863 CRITICAL

Yokogawa Electric Corporation - Info Disclosure

CVE-2025-43015 HIGH

JetBrains RubyMine < 2025.1 - Insecure Default Port Binding in Remote Interpreter

CVE-2025-2442 MEDIUM

Schneider Electric Trio Q Licensed Data Radio < 2.7.2 - Unauthorized Access via Factory Default Mode

CVE-2025-2441 MEDIUM

Initialization of a Resource with an Insecure Default - Info Disclo...

CVE-2025-27443 LOW

Zoom Workplace Apps for Windows - Info Disclosure

CVE-2025-29985 MEDIUM

Dell Common Event Enabler 9.0.0.0 - Unauthenticated Unauthorized Access via Insecure Default in Common Anti-Virus Agent

CVE-2025-27809 MEDIUM

Mbed TLS <2.28.10 & <3.6.3 - SSL/TLS

CVE-2025-1960 CRITICAL

Schneider Electric WebHMI - Unauthenticated Remote Code Execution via Default Credentials

CVE-2025-2129 MEDIUM

Mage AI 0.9.75 - Insecure Default Authentication Setup

CVE-2024-8313 HIGH

B&R APROL <4.4-00P5 - Info Disclosure

CVE-2024-41975 MEDIUM

CODESYS Edge Gateway < 3.5.21.0 - Unauthenticated Information Disclosure

Previous Page 4 of 12 Next

Details

Vulnerabilities 288

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy