CWE-1188: CWE-1188
All CWE-1188 CVEs (64)
This critical vulnerability allows remote unauthenticated attackers to generate valid JWT tokens using default certificates, granting them full admini...
Jul 7, 2025

A local administrative account intended for initial FlashArray configuration remains active after setup, allowing attackers with local access to gain ...
Sep 23, 2024

This CVE describes a critical insecure deserialization vulnerability in BentoML that allows remote attackers to execute arbitrary commands on servers ...
Apr 16, 2024

This vulnerability allows remote attackers to gain root access to UTT HiPER 810 / nv810v4 routers via telnet using insecure default credentials. Attac...
Feb 18, 2026

CVE-2025-62877 exposes the default SSH login password in SUSE Harvester virtualization environments when using the interactive installer (1.5.x or 1.6...
Jan 8, 2026

CVE-2025-24288 is a critical authentication vulnerability in Versa Director software where default credentials on multiple accounts (most with sudo ac...
Jun 19, 2025

This vulnerability allows attackers to execute unauthorized commands on Schneider Electric systems when default credentials remain unchanged after ins...
Mar 12, 2025

This critical vulnerability in Mitel InAttend and CMG systems allows attackers to access sensitive information, modify system configurations, or execu...
Mar 27, 2024

CVE-2023-6448 allows unauthenticated attackers with network access to take administrative control of Unitronics Vision and Samba PLCs and HMIs by expl...
Dec 5, 2023

CODESYS V2 PLCWinNT and Runtime Toolkit 32 versions before V2.4.7.57 have password protection disabled by default with no prompt to enable it. This al...
Jun 24, 2022

CVE-2022-24706 is a critical authentication bypass vulnerability in Apache CouchDB that allows unauthenticated attackers to gain admin privileges on i...
Apr 26, 2022

CVE-2021-38759 is a critical authentication vulnerability in Raspberry Pi OS where the default 'pi' user account has a known default password ('raspbe...
Dec 7, 2021

CVE-2021-42109 is a privilege escalation vulnerability in VITEC Exterity IPTV products that allows authenticated users to gain root access. This affec...
Oct 8, 2021

CVE-2021-35336 is an authentication bypass vulnerability in Tieline IP Audio Gateway's web administrative interface that allows unauthenticated attack...
Jul 1, 2021

Cohesity DataPlatform versions 6.3 through 6.5.1b contain an undocumented default SSH cryptographic key that provides root access to the underlying Li...
Apr 2, 2021

CVE-2020-4001 is a critical authentication vulnerability in VMware SD-WAN Orchestrator where default passwords for predefined accounts enable pass-the...
Nov 24, 2020

This vulnerability allows remote attackers to execute arbitrary system commands as root on BASETech IP cameras due to default telnet credentials. Atta...
Nov 17, 2020

Airleader Master devices up to version 6.21 have default credentials that allow attackers to access the Tomcat Manager interface. This enables deploym...
Nov 16, 2020

FUXA v1.2.7 has an insecure default configuration where authentication is disabled by default due to a commented-out 'secureEnabled' flag. This allows...
Feb 3, 2026

CVE-2025-56332 is an authentication bypass vulnerability in fosrl/pangolin v1.6.2 and earlier that allows attackers to access protected resources due ...
Dec 30, 2025

This vulnerability allows remote unauthenticated attackers to access telnet services without restrictions on affected Century Systems devices. It affe...
Jul 17, 2024

This vulnerability allows remote authenticated users to inject malicious JavaScript or HTML into blog entries in Liferay Portal/DXP, leading to cross-...
Feb 20, 2024

This vulnerability affects Siemens EV chargers with Modbus service enabled by default, allowing attackers on the same network to remotely control char...
May 13, 2025

CVE-2023-45312 is an authentication bypass vulnerability in mtproto_proxy (MTProto proxy) for Erlang that allows unauthenticated remote attackers to e...
Oct 10, 2023

This vulnerability exposes AMQStreams without client authentication in IBM Fusion products due to insecure default configurations. Attackers could per...
Sep 11, 2025

Apache ActiveMQ 6.x has a default configuration vulnerability that leaves the API web context unsecured, allowing unauthenticated access to Jolokia JM...
May 2, 2024

This vulnerability in JetBrains RubyMine allows remote interpreters to bind to all network interfaces instead of only localhost, potentially exposing ...
Apr 17, 2025

This vulnerability allows an attacker with physical access to the front network port to exploit a time gap during device boot where an older vulnerabl...
Nov 18, 2021

D-Link DIR-2640-US routers running firmware version 1.01B04 have an incorrect access control vulnerability in their PPPoE configuration. When PPPoE is...
Jun 16, 2021

This vulnerability allows a malicious app to become the default speech recognizer on Android devices without user interaction, enabling local privileg...
Dec 8, 2025

This vulnerability allows local attackers to access Android Debug Bridge (adb) before Setup Wizard completion due to an insecure default value in Wear...
Aug 14, 2023

CVE-2021-39767 is a privilege escalation vulnerability in Android's miniadb component that allows local attackers to read and write recovery system pr...
Mar 30, 2022

This vulnerability in Android's DeviceAdminReceiver component allows local privilege escalation without user interaction due to insecure broadcast per...
Jun 22, 2021

Mongoose Web Server 6.9 contains a denial of service vulnerability where remote attackers can crash the service by establishing multiple socket connec...
Mar 6, 2026

AMPPS 2.7 contains a denial of service vulnerability where remote attackers can crash the service by sending malformed data to the default HTTP port. ...
Mar 6, 2026

This vulnerability allows unauthenticated access to PostgreSQL databases in Bitnami's pgpool Docker image and postgres-ha Kubernetes chart. Attackers ...
May 13, 2025

Firefox versions before 130, 128.2 ESR, and 115.15 ESR automatically launch external applications for news: and snews: schemes without user confirmati...
Sep 3, 2024

This vulnerability in Java Platform versions 12.89 and earlier uses insecure default TLS settings, potentially exposing affected Ricoh MFPs and printe...
Aug 6, 2024

This vulnerability involves configuration defects in Huawei's secure OS module that can be exploited to cause denial of service. It affects Huawei dev...
Jun 19, 2023

MotionEye v0.42.1 and below contains an information disclosure vulnerability where attackers can access sensitive configuration data via unauthenticat...
Mar 24, 2022

The Vault Terraform Provider incorrectly set the deny_null_bind parameter to false by default for LDAP authentication, potentially allowing authentica...
Nov 21, 2025

This CVE describes a tapjacking vulnerability in Android's DefaultTransitionHandler that allows malicious apps to overlay deceptive UI elements over l...
Dec 8, 2025

This vulnerability allows attackers to conduct offline brute-force attacks against the TRENDnet TEW-WLC100P wireless LAN controller's VPN configuratio...
Jul 21, 2025

A configuration change in CNCF K3s versions 1.32.0 through 1.32.3 inadvertently enables the kubelet ReadOnlyPort (10255) in some scenarios, potentiall...
Apr 25, 2025

A CWE-1188 vulnerability in Schneider Electric products allows physical attackers to reset devices to factory defaults, potentially gaining unauthoriz...
Apr 9, 2025

This vulnerability allows authenticated attackers with low-level privileges on HI-SCAN 6040i Hitrax HX-03-19-I systems to escalate to root-level privi...
Jan 15, 2025

This vulnerability in Microsoft ACI Confidential Containers allows unauthorized information disclosure from containerized workloads. Attackers could p...
Mar 5, 2026

This vulnerability allows an on-path attacker to read database contents, including potentially sensitive credentials, due to incorrect replication sec...
Dec 16, 2025

This vulnerability allows attackers to bypass SSH authentication on unconfigured Abilis CPX devices by making three failed login attempts, then gainin...
Nov 4, 2025

During device boot, a network switch operates in an undefined state where unauthenticated remote attackers can send traffic to unauthorized networks. ...
Sep 15, 2025

About CWE-1188
Our database tracks 64 CVEs classified as CWE-1188, with 22 rated critical and 21 rated high severity. The average CVSS score for CWE-1188 vulnerabilities is 7.9.