Common Weakness Enumeration

CWE-1188

Allowed

Initialization of a Resource with an Insecure Default

Abstraction: Base · Status: Incomplete

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

402 vulnerabilities reference this CWE, most recent first.

GHSA-4Q93-5G3H-45P9

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46
VLAI
Details

A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6685"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-13T06:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0.",
  "id": "GHSA-4q93-5g3h-45p9",
  "modified": "2022-05-13T01:46:44Z",
  "published": "2022-05-13T01:46:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6685"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98990"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4X6R-QC3X-J39X

Vulnerability from github – Published: 2025-09-15 09:30 – Updated: 2025-09-15 09:30
VLAI
Details

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T08:15:35Z",
    "severity": "MODERATE"
  },
  "details": "During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration.",
  "id": "GHSA-4x6r-qc3x-j39x",
  "modified": "2025-09-15T09:30:19Z",
  "published": "2025-09-15T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41713"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/en/advisories/VDE-2025-083"
    },
    {
      "type": "WEB",
      "url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-083.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4X9V-H3R3-C3MF

Vulnerability from github – Published: 2025-08-16 12:30 – Updated: 2025-11-19 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix the smbd_response slab to allow usercopy

The handling of received data in the smbdirect client code involves using copy_to_iter() to copy data from the smbd_reponse struct's packet trailer to a folioq buffer provided by netfslib that encapsulates a chunk of pagecache.

If, however, CONFIG_HARDENED_USERCOPY=y, this will result in the checks then performed in copy_to_iter() oopsing with something like the following:

CIFS: Attempting to mount //172.31.9.1/test CIFS: VFS: RDMA transport established usercopy: Kernel memory exposure attempt detected from SLUB object 'smbd_response_0000000091e24ea1' (offset 81, size 63)! ------------[ cut here ]------------ kernel BUG at mm/usercopy.c:102! ... RIP: 0010:usercopy_abort+0x6c/0x80 ... Call Trace: __check_heap_object+0xe3/0x120 __check_object_size+0x4dc/0x6d0 smbd_recv+0x77f/0xfe0 [cifs] cifs_readv_from_socket+0x276/0x8f0 [cifs] cifs_read_from_socket+0xcd/0x120 [cifs] cifs_demultiplex_thread+0x7e9/0x2d50 [cifs] kthread+0x396/0x830 ret_from_fork+0x2b8/0x3b0 ret_from_fork_asm+0x1a/0x30

The problem is that the smbd_response slab's packet field isn't marked as being permitted for usercopy.

Fix this by passing parameters to kmem_slab_create() to indicate that copy_to_iter() is permitted from the packet region of the smbd_response slab objects, less the header space.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-16T12:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix the smbd_response slab to allow usercopy\n\nThe handling of received data in the smbdirect client code involves using\ncopy_to_iter() to copy data from the smbd_reponse struct\u0027s packet trailer\nto a folioq buffer provided by netfslib that encapsulates a chunk of\npagecache.\n\nIf, however, CONFIG_HARDENED_USERCOPY=y, this will result in the checks\nthen performed in copy_to_iter() oopsing with something like the following:\n\n CIFS: Attempting to mount //172.31.9.1/test\n CIFS: VFS: RDMA transport established\n usercopy: Kernel memory exposure attempt detected from SLUB object \u0027smbd_response_0000000091e24ea1\u0027 (offset 81, size 63)!\n ------------[ cut here ]------------\n kernel BUG at mm/usercopy.c:102!\n ...\n RIP: 0010:usercopy_abort+0x6c/0x80\n ...\n Call Trace:\n  \u003cTASK\u003e\n  __check_heap_object+0xe3/0x120\n  __check_object_size+0x4dc/0x6d0\n  smbd_recv+0x77f/0xfe0 [cifs]\n  cifs_readv_from_socket+0x276/0x8f0 [cifs]\n  cifs_read_from_socket+0xcd/0x120 [cifs]\n  cifs_demultiplex_thread+0x7e9/0x2d50 [cifs]\n  kthread+0x396/0x830\n  ret_from_fork+0x2b8/0x3b0\n  ret_from_fork_asm+0x1a/0x30\n\nThe problem is that the smbd_response slab\u0027s packet field isn\u0027t marked as\nbeing permitted for usercopy.\n\nFix this by passing parameters to kmem_slab_create() to indicate that\ncopy_to_iter() is permitted from the packet region of the smbd_response\nslab objects, less the header space.",
  "id": "GHSA-4x9v-h3r3-c3mf",
  "modified": "2025-11-19T00:31:23Z",
  "published": "2025-08-16T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38523"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/43e7e284fc77b710d899569360ea46fa3374ae22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/87dcc7e33fc3dcb8ed32333cec016528b5bb6ce4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0dd353d47f7051afa98c6c60c7486831eb1a410"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4XQM-VFVR-257F

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32
VLAI
Details

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-3825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-19T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper directly they would be able to access configuration information of other tenants if their cluster ID is known.",
  "id": "GHSA-4xqm-vfvr-257f",
  "modified": "2022-05-13T01:32:17Z",
  "published": "2022-05-13T01:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3825"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"
    },
    {
      "type": "WEB",
      "url": "https://www.elastic.co/community/security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-53VX-PMQW-863C

Vulnerability from github – Published: 2026-04-17 21:58 – Updated: 2026-05-08 01:32
VLAI
Summary
OpenClaw: Browser SSRF policy default allowed private-network navigation
Details

Summary

Browser SSRF policy default allowed private-network navigation.

Affected Packages / Versions

  • Package: openclaw
  • Ecosystem: npm
  • Affected versions: < 2026.4.14
  • Patched versions: >= 2026.4.14

Impact

Browser SSRF protection could allow private-network navigation by default in paths where restrictive behavior was expected, exposing internal services or metadata endpoints through browser-driven requests.

Technical Details

The fix preserves strict SSRF configuration semantics, keeps private-network access disabled unless explicitly opted in, and updates loopback CDP readiness handling for the stricter default.

Fix

The issue was fixed in #66354 and #66386. The first stable tag containing the fix is v2026.4.14, and openclaw@2026.4.14 includes the fix.

Fix Commit(s)

  • 024f4614a1a1831406e763adc40ef226e3d5e9ed
  • 1dabfef28db523e7de81edeb3dd689e9171236a2
  • 213c36cf51121ef6c05cfccd78037371f968f31a
  • 7eecfa411df3d12e6b810e6ca5df47254fc3db3f
  • PR: #66354, #66386

Release Process Note

Users should upgrade to openclaw 2026.4.14 or newer. The latest npm release, 2026.4.14, already includes the fix.

Credits

Thanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.4.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-43527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-17T21:58:15Z",
    "nvd_published_at": "2026-05-05T12:16:18Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nBrowser SSRF policy default allowed private-network navigation.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `\u003c 2026.4.14`\n- Patched versions: `\u003e= 2026.4.14`\n\n## Impact\n\nBrowser SSRF protection could allow private-network navigation by default in paths where restrictive behavior was expected, exposing internal services or metadata endpoints through browser-driven requests.\n\n## Technical Details\n\nThe fix preserves strict SSRF configuration semantics, keeps private-network access disabled unless explicitly opted in, and updates loopback CDP readiness handling for the stricter default.\n\n## Fix\n\nThe issue was fixed in #66354 and #66386. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `024f4614a1a1831406e763adc40ef226e3d5e9ed`\n- `1dabfef28db523e7de81edeb3dd689e9171236a2`\n- `213c36cf51121ef6c05cfccd78037371f968f31a`\n- `7eecfa411df3d12e6b810e6ca5df47254fc3db3f`\n- PR: #66354, #66386\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
  "id": "GHSA-53vx-pmqw-863c",
  "modified": "2026-05-08T01:32:14Z",
  "published": "2026-04-17T21:58:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-53vx-pmqw-863c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43527"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/pull/66354"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/pull/66386"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/024f4614a1a1831406e763adc40ef226e3d5e9ed"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/1dabfef28db523e7de81edeb3dd689e9171236a2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/213c36cf51121ef6c05cfccd78037371f968f31a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/7eecfa411df3d12e6b810e6ca5df47254fc3db3f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-private-network-navigation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Browser SSRF policy default allowed private-network navigation"
}

GHSA-555P-M4V6-CQXV

Vulnerability from github – Published: 2024-02-28 18:06 – Updated: 2024-02-28 18:06
VLAI
Summary
ASA-2024-004: Default configuration param for Evidence may limit window of validity
Details

ASA-2024-004: Default configuration param for Evidence may limit window of validity

Component: CometBFT Criticality: Low Affected versions: All Affected users: Validators, Chain Builders + Maintainers

Summary

A default configuration in CometBFT has been found to be small for common use cases, and may prevent the slashing mechanism from working in specific cases. The default values for EvidenceParams.MaxAgeNumBlocks and EvidenceParams.MaxAgeDuration consensus parameters may not be sufficient for common use cases to provide coverage for the entire unbonding period for a chain (Staking.UnbondingTime). If the conditions of both of these parameters are exceeded, evidence may be prematurely expired and considered no longer valid, potentially allowing for unpunished Byzantine behavior if evidence is discovered outside of that window.

Next Steps for Chains and Validators

It is recommended that chain ecosystems and their maintainers set the consensus parameters EvidenceParams.MaxAgeNumBlocks and EvidenceParams.MaxAgeDuration to values appropriate for their use case:
- EvidenceParams.MaxAgeDuration (set in nanoseconds) should exceed the duration of the chain’s unbonding period - EvidenceParams.MaxAgeNumBlocks should exceed the number of estimated blocks that will be produced by your chain throughout the unbonding period

For more information about evidence in CometBFT, please see: https://docs.cometbft.com/v0.37/spec/consensus/evidence.

For more information about the cosmos-sdk x/staking and x/slashing modules, and UnbondingTime parameter, please see: https://docs.cosmos.network/v0.50/build/modules/staking and https://docs.cosmos.network/v0.50/build/modules/slashing.

CometBFT is designed to be configurable by chains, and implements many different configuration variables and parameters to allow chain developers, validators, node operators, and chain participants to customize it best to their use case.

As more chains adopt the Interchain Stack for new and cutting-edge use cases, the CometBFT team recommends that all chains regularly evaluate their consensus parameters and configurations to ensure they meet the needs of their ecosystem as their networks mature.

A Github Security Advisory for this issue is available in the CometBFT repository. For more information about CometBFT, see https://docs.cometbft.com/.

This issue was reported to the Cosmos Bug Bounty Program on HackerOne on February 15, 2024. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cometbft/cometbft"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.38.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-28T18:06:24Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "## ASA-2024-004: Default configuration param for Evidence may limit window of validity\n\n**Component**: CometBFT\n**Criticality**: Low\n**Affected versions**: All\n**Affected users**: Validators, Chain Builders + Maintainers\n\n## Summary\n\nA default configuration in CometBFT has been found to be small for common use cases, and may prevent the slashing mechanism from working in specific cases.  The default values for `EvidenceParams.MaxAgeNumBlocks` and `EvidenceParams.MaxAgeDuration` consensus parameters may not be sufficient for common use cases to provide coverage for the entire unbonding period for a chain (`Staking.UnbondingTime`). If the conditions of both of these parameters are exceeded, evidence may be prematurely expired and considered no longer valid, potentially allowing for unpunished Byzantine behavior if evidence is discovered outside of that window.\n\n## Next Steps for Chains and Validators\n\nIt is recommended that chain ecosystems and their maintainers set the consensus parameters `EvidenceParams.MaxAgeNumBlocks` and `EvidenceParams.MaxAgeDuration` to values appropriate for their use case:  \n- `EvidenceParams.MaxAgeDuration` (set in nanoseconds) should exceed the duration of the chain\u2019s unbonding period\n- `EvidenceParams.MaxAgeNumBlocks` should exceed the number of estimated blocks that will be produced by your chain throughout the unbonding period\n\nFor more information about evidence in CometBFT, please see: https://docs.cometbft.com/v0.37/spec/consensus/evidence.\n\nFor more information about the cosmos-sdk  `x/staking` and `x/slashing` modules, and `UnbondingTime` parameter, please see: https://docs.cosmos.network/v0.50/build/modules/staking and https://docs.cosmos.network/v0.50/build/modules/slashing.\n\nCometBFT is designed to be configurable by chains, and implements many different configuration variables and parameters to allow chain developers, validators, node operators, and chain participants to customize it best to their use case. \n\nAs more chains adopt the Interchain Stack for new and cutting-edge use cases, the CometBFT team recommends that all chains regularly evaluate their consensus parameters and configurations to ensure they meet the needs of their ecosystem as their networks mature. \n\nA Github Security Advisory for this issue is available in the [CometBFT repository](https://github.com/cometbft/cometbft/security/advisories/GHSA-555p-m4v6-cqxv). For more information about CometBFT, see https://docs.cometbft.com/. \n\nThis issue was reported to the Cosmos Bug Bounty Program on HackerOne on February 15, 2024. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos.\n",
  "id": "GHSA-555p-m4v6-cqxv",
  "modified": "2024-02-28T18:06:24Z",
  "published": "2024-02-28T18:06:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-555p-m4v6-cqxv"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cometbft/cometbft"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "ASA-2024-004: Default configuration param for Evidence may limit window of validity"
}

GHSA-5842-R2VF-GMXV

Vulnerability from github – Published: 2026-04-20 06:31 – Updated: 2026-04-20 06:31
VLAI
Details

Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-20T04:16:45Z",
    "severity": "HIGH"
  },
  "details": "Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password.",
  "id": "GHSA-5842-r2vf-gmxv",
  "modified": "2026-04-20T06:31:27Z",
  "published": "2026-04-20T06:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32965"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU94271449"
    },
    {
      "type": "WEB",
      "url": "https://www.silex.jp/support/security-advisories/2026-001"
    },
    {
      "type": "WEB",
      "url": "https://www.silex.jp/support/security-advisories/en/2026-001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5CX2-VQ3H-X52C

Vulnerability from github – Published: 2023-04-24 18:30 – Updated: 2025-10-22 19:20
VLAI
Summary
Apache superset missing check for default SECRET_KEY
Details

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-superset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-27524"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-24T22:37:53Z",
    "nvd_published_at": "2023-04-24T16:15:07Z",
    "severity": "HIGH"
  },
  "details": "Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.",
  "id": "GHSA-5cx2-vq3h-x52c",
  "modified": "2025-10-22T19:20:31Z",
  "published": "2023-04-24T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27524"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/superset/commit/b180319bbf08e876ea84963220ebebbfd0699e03"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/superset"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27524"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2023/04/24/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/04/24/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache superset missing check for default SECRET_KEY"
}

GHSA-5MRQ-42CR-23MG

Vulnerability from github – Published: 2025-03-12 18:32 – Updated: 2025-03-13 21:31
VLAI
Details

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interface.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1960"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-12T16:15:20Z",
    "severity": "CRITICAL"
  },
  "details": "CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an\nattacker to execute unauthorized commands when a system\u2019s default password credentials have not been\nchanged on first use. The default username is not displayed correctly in the WebHMI interface.",
  "id": "GHSA-5mrq-42cr-23mg",
  "modified": "2025-03-13T21:31:19Z",
  "published": "2025-03-12T18:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1960"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-070-03.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5R2Q-3WG3-57M2

Vulnerability from github – Published: 2026-07-11 15:30 – Updated: 2026-07-11 15:30
VLAI
Details

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financial manipulation that trigger HIGH severity detection but are logged without blocking, enabling system prompt extraction and unauthorized tool invocations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-61439"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-11T14:16:22Z",
    "severity": "HIGH"
  },
  "details": "PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financial manipulation that trigger HIGH severity detection but are logged without blocking, enabling system prompt extraction and unauthorized tool invocations.",
  "id": "GHSA-5r2q-3wg3-57m2",
  "modified": "2026-07-11T15:30:23Z",
  "published": "2026-07-11T15:30:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-fj8f-m44g-c479"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-61439"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/praisonai-before-prompt-injection-defense-bypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.