Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24449 | 1 Elecom | 4 Wrc-x1500gs-b, Wrc-x1500gs-b Firmware, Wrc-x1500gsa-b and 1 more | 2026-06-17 | N/A | 4.6 MEDIUM |
| For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information. | |||||
| CVE-2026-22910 | 1 Sick | 2 Tdc-x401gl, Tdc-x401gl Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system. | |||||
| CVE-2026-22886 | 1 Eclipse | 1 Openmq | 2026-06-17 | N/A | 9.8 CRITICAL |
| OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/ admin) and does not enforce a mandatory password change on first use. After the first successful login, the server continues to accept the default password indefinitely without warning or enforcement. In real-world deployments, this service is often left enabled without changing the default credentials. As a result, a remote attacker with access to the service port could authenticate as an administrator and gain full control of the protocol’s administrative features. | |||||
| CVE-2025-6737 | 2026-06-17 | N/A | 7.2 HIGH | ||
| Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions. | |||||
| CVE-2025-6523 | 1 Devolutions | 1 Devolutions Server | 2026-06-17 | N/A | 7.7 HIGH |
| Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.3.0 * Devolutions Server 2025.1.11.0 and earlier | |||||
| CVE-2025-6077 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions. | |||||
| CVE-2025-59460 | 1 Sick | 2 Tloc100-100, Tloc100-100 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections. | |||||
| CVE-2025-59103 | 2026-06-17 | N/A | N/A | ||
| The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that there are two users with hardcoded and weak passwords that can be used to access the devices via SSH. The passwords can be also guessed very easily. The password of at least one user is set to a random value after the first deployment, with the restriction that the password is only randomized if the configured date is prior to 2022. Therefore, under certain circumstances, the passwords are not randomized. For example, if the clock is never set on the device, the battery of the clock module has been changed, the Access Manager has been factory reset and has not received a time yet. | |||||
| CVE-2025-55584 | 1 Totolink | 2 A3002r, A3002r Firmware | 2026-06-17 | N/A | 5.3 MEDIUM |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. | |||||
| CVE-2025-53558 | 2026-06-17 | N/A | 8.8 HIGH | ||
| ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. | |||||
| CVE-2025-52364 | 1 Tenda | 2 Cp3 Pro, Cp3 Pro Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device s shell over the network, potentially without authentication if default or weak credentials are present | |||||
| CVE-2025-4057 | 2026-06-17 | N/A | 5.5 MEDIUM | ||
| A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies. | |||||
| CVE-2025-35970 | 2026-06-17 | N/A | 7.5 HIGH | ||
| On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege. | |||||
| CVE-2025-32471 | 2026-06-17 | N/A | 3.7 LOW | ||
| The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks. | |||||
| CVE-2025-30519 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system. | |||||
| CVE-2025-2229 | 2026-06-17 | N/A | 7.7 HIGH | ||
| A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations. | |||||
| CVE-2025-22936 | 2026-06-17 | N/A | 5.7 MEDIUM | ||
| An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the Weak default WiFi password generation algorithm in WiFi routers. | |||||
| CVE-2025-1081 | 2026-06-17 | 1.8 LOW | 3.1 LOW | ||
| A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7558 | 1 Canonical | 1 Juju | 2026-06-17 | N/A | 8.7 HIGH |
| JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. | |||||
| CVE-2024-5634 | 2026-06-17 | N/A | N/A | ||
| Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy. Additionally, every camera with the same firmware version shares the same password. | |||||