Tag: default-config
All items tagged default-config.
- CVE-2026-20896 — Gitea (Docker): trust-all reverse-proxy default lets an unauthenticated attacker impersonate any user via `X-WEBAUTH-USER`
- CVE-2026-52806 — Gogs self-hosted Git server: argument injection to OS command execution (BSI critical batch)
- CVE-2026-20253 — Splunk Enterprise: unauthenticated pre-auth RCE via the PostgreSQL sidecar proxy
- CERT-PL discloses hardcoded-credential supply-chain flaw in KS-SOMED healthcare software (CVE-2026-42251)
- CVE-2026-44825 — Apache Solr: unauthenticated admin via hardcoded template credentials, no patch yet
- CVE-2026-35087 / CVE-2026-35089 / CVE-2026-35090 — Slican PBX telephony exchanges, triple pre-authentication admin bypass (CERT Polska)
- BSI flags Netgate pfSense Community Edition as critical-unpatched — CVE-2025-69690 / CVE-2025-69691 authenticated root RCE, vendor refuses to fix