Total
95 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12286 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials. | |||||
| CVE-2025-5124 | 2026-04-15 | 7.6 HIGH | 8.1 HIGH | ||
| A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they "have published the 'Hardening Guide' on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords". | |||||
| CVE-2020-36915 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions. | |||||
| CVE-2025-7740 | 2026-04-15 | N/A | N/A | ||
| Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment. | |||||
| CVE-2025-2119 | 2026-04-15 | 1.2 LOW | 2.0 LOW | ||
| A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been declared as problematic. This vulnerability affects unknown code of the component Device Registration Handler. The manipulation leads to use of default credentials. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-54756 | 2026-04-15 | N/A | 8.4 HIGH | ||
| BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all default passwords. | |||||
| CVE-2024-12902 | 2026-04-15 | N/A | 8.4 HIGH | ||
| ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default credentials. | |||||
| CVE-2025-2184 | 2026-04-15 | N/A | N/A | ||
| A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations. The attacker must have network access to the Broker VM to exploit this issue. | |||||
| CVE-2024-13893 | 2026-04-15 | N/A | N/A | ||
| Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created. Two products were tested, but since the vendor has not replied to reports, patching status remains unknown, as well as groups of devices and firmware ranges in which the same password is shared. Newer firmware versions might be vulnerable as well. | |||||
| CVE-2024-46899 | 2026-04-15 | N/A | 7.1 HIGH | ||
| Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04. | |||||
| CVE-2025-1531 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00. | |||||
| CVE-2026-22886 | 1 Eclipse | 1 Openmq | 2026-04-09 | N/A | 9.8 CRITICAL |
| OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/ admin) and does not enforce a mandatory password change on first use. After the first successful login, the server continues to accept the default password indefinitely without warning or enforcement. In real-world deployments, this service is often left enabled without changing the default credentials. As a result, a remote attacker with access to the service port could authenticate as an administrator and gain full control of the protocol’s administrative features. | |||||
| CVE-2026-28713 | 1 Acronis | 2 Agent, Cyber Protect | 2026-03-13 | N/A | 7.1 HIGH |
| Default credentials set for local privileged user in Virtual Appliance. The following products are affected: Acronis Cyber Protect Cloud Agent (VMware) before build 36943, Acronis Cyber Protect 17 (VMware) before build 41186. | |||||
| CVE-2026-27751 | 1 Sodola-network | 2 Sl902-swtgw124as, Sl902-swtgw124as Firmware | 2026-03-04 | N/A | 9.8 CRITICAL |
| SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device. | |||||
| CVE-2026-26366 | 1 Jung-group | 1 Enet Smart Home | 2026-02-26 | N/A | 9.8 CRITICAL |
| eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions. | |||||
| CVE-2026-26341 | 1 Tattile | 20 Anpr Mobile, Anpr Mobile Firmware, Axle Counter and 17 more | 2026-02-26 | N/A | 9.8 CRITICAL |
| Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain administrative access, enabling unauthorized access to device configuration and data. | |||||
| CVE-2026-1972 | 1 Edimax | 2 Br-6208ac, Br-6208ac Firmware | 2026-02-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-22273 | 1 Dell | 2 Elastic Cloud Storage, Objectscale | 2026-02-18 | N/A | 8.8 HIGH |
| Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-58744 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 7.5 HIGH |
| Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808. | |||||
| CVE-2025-1711 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-01-29 | N/A | 4.3 MEDIUM |
| Multiple services of the DUT as well as different scopes of the same service reuse the same credentials. | |||||