Total
752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8362 | 1 Harman | 1 Amx Firmware | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984. | |||||
| CVE-2013-6940 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2026-05-06 | 5.0 MEDIUM | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-7261 | 1 Qnap | 2 Iartist Lite, Signage Station | 2026-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21. | |||||
| CVE-2015-2766 | 1 Websense | 1 Triton Ap Email | 2026-05-06 | 5.0 MEDIUM | N/A |
| The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. | |||||
| CVE-2014-3298 | 1 Cisco | 1 Cloud Portal | 2026-05-06 | 4.0 MEDIUM | N/A |
| Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976. | |||||
| CVE-2014-4007 | 1 Sap | 1 Upgrade Tools | 2026-05-06 | 5.0 MEDIUM | N/A |
| The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2013-2562 | 1 Mambo-foundation | 1 Mambo Cms | 2026-05-06 | 2.1 LOW | N/A |
| Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4008 | 1 Sap | 1 Web Services Tool | 2026-05-06 | 5.0 MEDIUM | N/A |
| SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2016-2331 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2013-7405 | 1 Gehealthcare | 1 Centricity Dms | 2026-05-06 | 10.0 HIGH | N/A |
| The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | |||||
| CVE-2015-8611 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 6 more | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password. | |||||
| CVE-2013-6223 | 1 Livezilla | 1 Livezilla | 2026-05-06 | 2.1 LOW | N/A |
| LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file. | |||||
| CVE-2014-4363 | 1 Apple | 2 Iphone Os, Safari | 2026-05-06 | 5.0 MEDIUM | N/A |
| Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | |||||
| CVE-2015-6316 | 1 Cisco | 1 Mobility Services Engine | 2026-05-06 | 6.5 MEDIUM | N/A |
| The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501. | |||||
| CVE-2016-1984 | 1 Harman | 1 Amx Firmware | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362. | |||||
| CVE-2016-1927 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | |||||
| CVE-2015-5994 | 1 Mediabridge | 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware | 2026-05-06 | 7.9 HIGH | 6.8 MEDIUM |
| The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session. | |||||
| CVE-2016-6531 | 1 Opendental | 1 Opendental | 2026-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction. | |||||
| CVE-2014-1644 | 1 Symantec | 1 Liveupdate Administrator | 2026-05-06 | 7.5 HIGH | N/A |
| The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account. | |||||
| CVE-2016-0865 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2026-05-06 | 9.0 HIGH | 8.8 HIGH |
| Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors. | |||||