Total
211 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41975 | 2025-03-18 | 5.3 Medium | ||
| An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs. | ||||
| CVE-2025-1960 | 2025-03-13 | 9.8 Critical | ||
| CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interface. | ||||
| CVE-2022-48342 | 1 Jetbrains | 1 Teamcity | 2025-03-12 | 5.2 Medium |
| In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. | ||||
| CVE-2025-2129 | 2025-03-10 | 5.6 Medium | ||
| A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. After 7 months of repeated follow-ups by the researcher, Mage AI has decided to not accept this issue as a valid security vulnerability and has confirmed that they will not be addressing it. | ||||
| CVE-2024-50390 | 2025-03-07 | N/A | ||
| A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later | ||||
| CVE-2024-0387 | 1 Moxa | 14 Eds-4008, Eds-4008 Firmware, Eds-4009 and 11 more | 2025-02-25 | 6.5 Medium |
| The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests. | ||||
| CVE-2022-2196 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-02-13 | 5.8 Medium |
| A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a | ||||
| CVE-2022-38745 | 2 Apache, Redhat | 2 Openoffice, Enterprise Linux | 2025-02-13 | 7.8 High |
| Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. | ||||
| CVE-2023-1618 | 1 Mitsubishielectric | 2 Melsec Ws0-geth00200, Melsec Ws0-geth00200 Firmware | 2025-02-12 | 7.5 High |
| Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware. | ||||
| CVE-2022-48432 | 1 Jetbrains | 1 Intellij Idea | 2025-02-12 | 5.2 Medium |
| In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed. | ||||
| CVE-2024-32114 | 1 Apache | 1 Activemq | 2025-02-11 | 8.5 High |
| In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API). To mitigate, users can update the default conf/jetty.xml configuration file to add authentication requirement: <bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping"> <property name="constraint" ref="securityConstraint" /> <property name="pathSpec" value="/" /> </bean> Or we encourage users to upgrade to Apache ActiveMQ 6.1.2 where the default configuration has been updated with authentication by default. | ||||
| CVE-2023-28978 | 1 Juniper | 1 Junos Os Evolved | 2025-02-05 | 5.3 Medium |
| An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about locally configured (administrative) users of the affected system. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S7-EVO on pending commit???; 21.1-EVO versions prior to 21.1R3-S4-EVO on awaiting build; 21.4-EVO versions prior to 21.4R3-S1-EVO; 22.2-EVO versions prior to 22.2R3-EVO; 21.2-EVO versions prior to 21.2R3-S5-EVO on pending commit???; 21.3-EVO version 21.3R1-EVO and later versions; 22.1-EVO version 22.1R1-EVO and later versions; 22.2-EVO versions prior to 22.2R2-S1-EVO. | ||||
| CVE-2024-48122 | 2025-02-03 | 6.7 Medium | ||
| Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges. | ||||
| CVE-2023-31486 | 3 Http\, Perl, Redhat | 4 \, Perl, Enterprise Linux and 1 more | 2025-01-30 | 8.1 High |
| HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | ||||
| CVE-2024-26267 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 5.3 Medium |
| In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header. | ||||
| CVE-2024-6788 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-23 | 8.6 High |
| A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password. | ||||
| CVE-2024-56433 | 2024-12-27 | 3.6 Low | ||
| shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. | ||||
| CVE-2024-34734 | 1 Google | 1 Android | 2024-12-17 | 7.7 High |
| In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-48493 | 1 Huawei | 1 Emui | 2024-12-17 | 7.5 High |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2022-48492 | 1 Huawei | 1 Emui | 2024-12-17 | 7.5 High |
| Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. | ||||