CWE-1188 vulnerabilities
171 results

| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2026-44588 | CRITICAL | SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS | 0.5% |
| CVE-2026-31957 | CRITICAL | Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments | 0.5% |
| CVE-2025-1960 | CRITICAL | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized co | 0.5% |
| CVE-2025-13357 | HIGH | Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method | 0.5% |
| CVE-2019-25219 | HIGH | Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no associated error information from the SS | 0.5% |
| CVE-2025-62877 | CRITICAL | Harvest may expose OS default ssh login password via SUSE Virtualization Interactive Installer | 0.5% |
| CVE-2023-28978 | MEDIUM | Junos OS Evolved: Read access to some confidential user information is possible | 0.5% |
| CVE-2025-69970 | CRITICAL | FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented ou | 0.5% |
| CVE-2026-6043 | HIGH | Insecure Default Configuration in P4 Server | 0.5% |
| CVE-2026-28205 | CRITICAL | Initialization of a resource with an insecure default in OpenPLC_V3 | 0.4% |
| CVE-2025-66416 | HIGH | DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost | 0.4% |
| CVE-2025-66414 | HIGH | DNS Rebinding Protection Disabled by Default in Model Context Protocol TypeScript SDK for Servers Running on Localhost | 0.4% |
| CVE-2025-22248 | CRITICAL | [pgpool] Unauthenticated access to postgres through pgpool | 0.4% |
| CVE-2022-48492 | — | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 0.4% |
| CVE-2022-48493 | — | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability. | 0.4% |
| CVE-2026-25499 | HIGH | terraform-provider-proxmox has insecure sudo recommendation in the documentation | 0.4% |
| CVE-2025-24288 | CRITICAL | The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and mult | 0.4% |
| CVE-2025-70998 | CRITICAL | UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibl | 0.4% |
| CVE-2026-34742 | HIGH | Model Context Protocol Go SDK: DNS Rebinding Protection Disabled by Default for Servers Running on Localhost | 0.4% |
| CVE-2024-41975 | MEDIUM | CODESYS (Edge) Gateway for Windows insecure default | 0.4% |