| CVE-2026-47325 |
2026-06-03 |
ProjectsAndPrograms school-management-system uses predictable credentials by generating students' and teachers' passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The ap… |
| CVE-2026-4377 |
2026-05-28 |
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default… |
| CVE-2026-35089 |
2026-05-27 |
In Slican telephone exchanges, a secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can d… |
| CVE-2026-44351 |
2026-05-13 |
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to … |
| CVE-2026-8076 |
2026-05-08 |
Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based cre… |
| CVE-2026-39920 |
2026-04-24 |
BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated r… |
| CVE-2026-23853 |
2026-04-17 |
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13… |
| CVE-2025-67114 |
2026-03-19 |
Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive va… |
| CVE-2026-22886 |
2026-03-03 |
OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/admin) and does not enforce… |
| CVE-2026-24449 |
2026-02-03 |
For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information. |
| CVE-2025-59103 |
2026-01-26 |
The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is expose… |
| CVE-2026-22910 |
2026-01-15 |
The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the sy… |
| CVE-2025-59460 |
2025-10-27 |
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections. |
| CVE-2025-30519 |
2025-09-18 |
Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gai… |
| CVE-2025-6737 |
2025-08-25 |
Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway … |
| CVE-2025-55584 |
2025-08-18 |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. |
| CVE-2025-35970 |
2025-08-07 |
On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed … |
| CVE-2025-6077 |
2025-08-02 |
Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions. |
| CVE-2025-53558 |
2025-07-31 |
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. |
| CVE-2025-6523 |
2025-07-22 |
Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by… |