Weaknesses of type CWE-1188
167 results

CVE-2020-13927 | CRITICAL | The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security ri | EPSS 99.7% | KEV
CVE-2023-27524 | HIGH | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY | EPSS 97.4% | KEV
CVE-2022-24706 | CRITICAL | Remote Code Execution Vulnerability in Packaging | EPSS 92.3% | KEV
CVE-2026-44338 | HIGH | PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution | EPSS 26.8%
CVE-2021-41192 | HIGH | Insecure default configuration | EPSS 8.0%
CVE-2025-48927 | MEDIUM | The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploit | EPSS 7.9% | KEV
CVE-2024-32114 | HIGH | Apache ActiveMQ: Jolokia and REST API were not secured with default configuration | EPSS 6.9%
CVE-2023-6448 | CRITICAL | Unitronics VisiLogic uses a default administrative password | EPSS 2.1% | KEV
CVE-2024-22207 | MEDIUM | Default swagger-ui configuration exposes all files in the module | EPSS 2.0%
CVE-2026-41679 | CRITICAL | Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass | EPSS 2.0%
CVE-2019-19340 | HIGH | A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '- | EPSS 1.5%
CVE-2023-45312 | HIGH | In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secur | EPSS 1.5%
CVE-2024-2912 | CRITICAL | Insecure Deserialization Leading to RCE in bentoml/bentoml | EPSS 1.5%
CVE-2026-28775 | CRITICAL | Unauthenticated RCE via SNMP Default Writable Community String | EPSS 1.2%
CVE-2022-42467 | MEDIUM | h2 webconsole (available only in prototype mode) should nevertheless be disabled by default. | EPSS 1.2%
CVE-2022-31806 | CRITICAL | Insecure default settings in CODESYS Runtime Toolkit 32 bit full and CODESYS PLCWinNT | EPSS 1.1%
CVE-2023-31101 | — | Apache InLong: Users who joined later can see the data of deleted users | EPSS 1.1%
CVE-2024-50390 | HIGH | QHora | EPSS 1.1%
CVE-2025-2129 | MEDIUM | Mage AI insecure default initialization of resource | EPSS 1.0%
CVE-2025-59090 | CRITICAL | Unauthenticated SOAP API in dormakaba Kaba exos 9300 | EPSS 1.0%