Total: 231 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-8182 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-08-01 | 5.6 Medium |
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
CVE-2019-18988 | 1 Teamviewer | 1 Teamviewer | 2025-07-30 | 7.0 High |
TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protected information stored in the registry or configuration files of TeamViewer. With versions before v9.x, this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to log in to the system. | ||||
CVE-2025-1341 | 1 Pmweb | 1 Pmweb | 2025-07-17 | 3.7 Low |
A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. This affects an unknown part of the component Setting Handler. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-34058 | | | 2025-07-03 | N/A |
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files. | ||||
CVE-2025-28389 | 1 Openc3 | 1 Cosmos | 2025-06-24 | 9.8 Critical |
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack. | ||||
CVE-2024-0188 | 1 Nia | 1 Rrj Nueva Ecija Engineer Online Portal | 2025-06-17 | 3.1 Low |
A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability. | ||||
CVE-2023-49238 | 1 Gradle | 1 Enterprise | 2025-06-17 | 9.8 Critical |
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in. | ||||
CVE-2025-28200 | 1 Govicture | 2 Rx1800, Rx1800 Firmware | 2025-06-12 | 9.8 Critical |
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the MAC address. | ||||
CVE-2024-42850 | 1 Silverpeas | 1 Silverpeas | 2025-06-05 | 9.8 Critical |
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. | ||||
CVE-2024-36789 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | 8.1 High |
An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. | ||||
CVE-2023-24049 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2025-05-29 | 9.8 Critical |
An issue discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. | ||||
CVE-2022-3268 | 1 Ikus-soft | 1 Minarca | 2025-05-23 | 9.8 Critical |
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. | ||||
CVE-2022-3326 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-20 | 4.3 Medium |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | ||||
CVE-2025-22390 | 1 Optimizely | 1 Optimizely Cms | 2025-05-20 | 7.5 High |
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking. | ||||
CVE-2025-26847 | 1 Znuny | 1 Znuny | 2025-05-16 | 9.1 Critical |
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked. | ||||
CVE-2024-42173 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 4.8 Medium |
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known. | ||||
CVE-2023-38369 | 1 Ibm | 1 Security Access Manager Container | 2025-05-15 | 6.2 Medium |
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196. | ||||
CVE-2025-4534 | | | 2025-05-12 | 3.7 Low |
A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2022-3754 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-05-08 | 9.8 Critical |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | ||||
CVE-2024-48271 | 1 Dlink | 3 Dsl-6740c, Dsl-6740c Firmware, Dsl6740c Firmware | 2025-05-07 | 8.8 High |
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack. |