ReportizFlow
Filtered by vendor
Subscriptions
Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39920 | 1 Bridgehead Software | 1 Filestore | 2026-04-27 | 9.8 Critical |
| BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console using default credentials, upload a malicious Java archive as a web service, and execute arbitrary commands on the host via SOAP requests to the deployed service. | ||||
| CVE-2026-22910 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-04-18 | 7.5 High |
| The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system. | ||||
| CVE-2026-22920 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-04-18 | 3.7 Low |
| The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks. | ||||
| CVE-2026-23853 | 1 Dell | 1 Powerprotect Data Domain | 2026-04-18 | 8.4 High |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system. | ||||
| CVE-2026-24449 | 1 Elecom | 4 Wrc-x1500gs-b, Wrc-x1500gs-b Firmware, Wrc-x1500gsa-b and 1 more | 2026-04-18 | N/A |
| For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information. | ||||
| CVE-2026-22886 | 1 Eclipse | 1 Openmq | 2026-04-16 | 9.8 Critical |
| OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/ admin) and does not enforce a mandatory password change on first use. After the first successful login, the server continues to accept the default password indefinitely without warning or enforcement. In real-world deployments, this service is often left enabled without changing the default credentials. As a result, a remote attacker with access to the service port could authenticate as an administrator and gain full control of the protocol’s administrative features. | ||||
| CVE-2024-29071 | 1 Kddi | 1 Hgw Bli500hm Firmware | 2026-04-15 | 8.8 High |
| HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings. | ||||
| CVE-2025-1081 | 2026-04-15 | 3.1 Low | ||
| A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-43698 | 1 Kieback\&peter | 10 Ddc4002 Firmware, Ddc4002e Firmware, Ddc4020e Firmware and 7 more | 2026-04-15 | 9.8 Critical |
| Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. | ||||
| CVE-2024-40892 | 1 Firewalla | 1 Box Software | 2026-04-15 | 7.1 High |
| A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely). | ||||
| CVE-2024-51978 | 2026-04-15 | 9.8 Critical | ||
| An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request. | ||||
| CVE-2024-5634 | 2026-04-15 | N/A | ||
| Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy. Additionally, every camera with the same firmware version shares the same password. | ||||
| CVE-2024-33849 | 2026-04-15 | 6.5 Medium | ||
| ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key. | ||||
| CVE-2025-30519 | 1 Doverfuelingsolutions | 1 Progauge Maglink Lx Console | 2026-04-15 | 9.8 Critical |
| Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system. | ||||
| CVE-2025-6737 | 1 Securden | 1 Unified Pam | 2026-04-15 | 7.2 High |
| Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions. | ||||
| CVE-2024-32759 | 2026-04-15 | N/A | ||
| Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials. | ||||
| CVE-2025-53558 | 1 Zte | 2 Zxhn F660a, Zxhn F660t | 2026-04-15 | N/A |
| ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. | ||||
| CVE-2025-4057 | 1 Redhat | 2 Amq Broker, Rhosemc | 2026-04-15 | 5.5 Medium |
| A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies. | ||||
| CVE-2025-2229 | 2026-04-15 | 7.7 High | ||
| A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations. | ||||
| CVE-2024-42027 | 1 Rocketchat | 1 Rocket.chat | 2026-04-15 | 6.7 Medium |
| The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. | ||||