CWE-1188: CWE-1188

Dell Common Event Enabler version 9.0.0.0 contains an insecure default configuration vulnerability in its Common Anti-Virus Agent component. Unauthent...

This vulnerability allows attackers within Bluetooth range to intercept Auracast audio streams on Android devices due to an insecure default password ...

This CVE is a Linux kernel vulnerability in the CIFS/SMB Direct client code where the smbd_response slab isn't properly marked for usercopy operations...

This CVE addresses a DMA (Direct Memory Access) initialization vulnerability in the Linux kernel's Hyper-V vmbus driver. The issue occurs when device ...

This CVE is an uninitialized variable vulnerability in the Linux kernel's device mapper btree removal function. When removal fails due to an IO read e...

BigFix SaaS fails to include security headers in HTTP responses, weakening client-side protections. This makes web applications more vulnerable to att...

The Advanced Country Blocker WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to bypass geolocation bl...

Zipkin versions through 3.5.1 expose a /heapdump endpoint via Spring Boot Actuator that can be accessed without authentication. This allows attackers ...

The TeleMessage service exposes a Spring Boot Actuator heap dump endpoint at /heapdump, allowing attackers to retrieve memory contents. This vulnerabi...

This vulnerability allows attackers to redirect users to arbitrary malicious websites by exploiting a default configuration in GroupSession products. ...

Himmelblau 0.9.x versions derive numeric GIDs from Entra ID group display names, allowing distinct groups with identical names to map to the same GID....

This vulnerability exposes Siime Eye devices through their default SSID values, allowing attackers to map device locations using public databases like...

This vulnerability allows malicious websites to bypass same-origin policy restrictions via DNS rebinding attacks against local HTTP-based MCP servers ...

The MCP Python SDK prior to version 1.23.0 lacks DNS rebinding protection by default for HTTP-based servers. This allows malicious websites to bypass ...