ReportizFlow
Filtered by vendor
Subscriptions
Total
231 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1039 | 1 Redlion | 2 Da50n, Da50n Firmware | 2025-04-16 | 9.6 Critical |
| The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the SSH service does not support root login, a user logging in using either of the other Linux accounts may elevate to root access using the su command if they have access to the associated password. | ||||
| CVE-2022-1668 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2025-04-16 | 9.8 Critical |
| Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. | ||||
| CVE-2012-2441 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-11 | N/A |
| RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803. | ||||
| CVE-2023-0307 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 9.8 Critical |
| Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2025-25749 | 1 Digitaldruid | 1 Hoteldruid | 2025-04-07 | 7.1 High |
| An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies. | ||||
| CVE-2025-27663 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007. | ||||
| CVE-2025-25211 | 2025-04-01 | 9.8 Critical | ||
| Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login. | ||||
| CVE-2023-0569 | 1 Publify Project | 1 Publify | 2025-03-28 | 6.5 Medium |
| Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | ||||
| CVE-2023-0564 | 1 Froxlor | 1 Froxlor | 2025-03-28 | 5.4 Medium |
| Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | ||||
| CVE-2025-1474 | 1 Lfprojects | 1 Mlflow | 2025-03-27 | 5.5 Medium |
| In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0. | ||||
| CVE-2024-1345 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | 6.8 Medium |
| Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password. | ||||
| CVE-2024-1346 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | 6.8 Medium |
| Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants. | ||||
| CVE-2023-0793 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | 7.1 High |
| Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2024-47221 | 1 Rapidscada | 1 Rapid Scada | 2025-03-19 | 7.5 High |
| CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password. | ||||
| CVE-2024-45374 | 1 Gotenna | 1 Gotenna | 2025-03-13 | 5.3 Medium |
| The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is advised to use local QR encryption key sharing for additional security on this and previous versions. | ||||
| CVE-2023-22451 | 1 Kiwitcms | 1 Kiwi Tcms | 2025-03-11 | 6.5 Medium |
| Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can’t be too similar to other personal information, must contain at least 10 characters, can’t be a commonly used password, and can’t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen. | ||||
| CVE-2021-36689 | 1 Samourai-wallet-android Project | 1 Samourai-wallet-android | 2025-03-07 | 5.5 Medium |
| An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation. | ||||
| CVE-2023-2060 | 1 Mitsubishielectric | 8 Fx5-enet\/ip, Fx5-enet\/ip Firmware, Rj71eip91 and 5 more | 2025-03-05 | 7.5 High |
| Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing. | ||||
| CVE-2022-45635 | 1 Megafeis | 1 Bofei Dbd\+ | 2025-02-26 | 7.5 High |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy. | ||||
| CVE-2023-37398 | 1 Ibm | 1 Aspera Faspex | 2025-02-12 | 5.9 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||