Vulnerabilities > Insecure Default Initialization of Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-18 | CVE-2024-41975 | An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs. | 5.3 |
| 2025-03-09 | CVE-2025-2129 | A vulnerability was found in Mage AI 0.9.75. | 5.6 |
| 2024-09-23 | CVE-2024-0001 | Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | 9.8 |
| 2024-09-13 | CVE-2024-44096 | Insecure Default Initialization of Resource vulnerability in Google Android there is a possible arbitrary read due to an insecure default value. | 4.4 |
| 2024-09-02 | CVE-2024-45313 | Insecure Default Initialization of Resource vulnerability in Overleaf Overleaf is a web-based collaborative LaTeX editor. | 5.4 |
| 2024-08-15 | CVE-2024-34734 | Insecure Default Initialization of Resource vulnerability in Google Android 13.0/14.0 In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. | 7.8 |
| 2024-07-17 | CVE-2024-31070 | Insecure Default Initialization of Resource vulnerability in Centurysys products Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. | 9.1 |
| 2024-07-12 | CVE-2024-39916 | Insecure Default Initialization of Resource vulnerability in Fogproject FOG is a free open-source cloning/imaging/rescue suite/inventory management system. | 6.4 |
| 2024-02-20 | CVE-2024-25610 | Insecure Default Initialization of Resource vulnerability in Liferay Digital Experience Platform In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field. | 5.4 |
| 2024-02-20 | CVE-2024-26267 | Insecure Default Initialization of Resource vulnerability in Liferay Portal In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header. | 5.3 |