Total
239 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7306 | 1 Riverbed | 1 Rios | 2025-04-20 | 1.9 LOW | 6.4 MEDIUM |
| Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs | |||||
| CVE-2017-1386 | 1 Ibm | 2 Api Connect, Api Management | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160. | |||||
| CVE-2017-12861 | 1 Epson | 1 Easymp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.All Epson projectors supporting the "EasyMP" software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device | |||||
| CVE-2017-9853 | 1 Sma | 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected | |||||
| CVE-2017-16727 | 1 Moxa | 4 Nport W2150a, Nport W2150a Firmware, Nport W2250a and 1 more | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. | |||||
| CVE-2017-1196 | 1 Ibm | 1 Bigfix Security Compliance Analytics | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671. | |||||
| CVE-2012-2441 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-11 | 8.5 HIGH | N/A |
| RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803. | |||||
| CVE-2025-25749 | 1 Digitaldruid | 1 Hoteldruid | 2025-04-07 | N/A | 7.1 HIGH |
| An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies. | |||||
| CVE-2025-27663 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007. | |||||
| CVE-2025-25211 | 2025-04-01 | N/A | 9.8 CRITICAL | ||
| Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login. | |||||
| CVE-2023-0569 | 1 Publify Project | 1 Publify | 2025-03-28 | N/A | 6.5 MEDIUM |
| Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | |||||
| CVE-2025-1474 | 1 Lfprojects | 1 Mlflow | 2025-03-27 | N/A | 5.5 MEDIUM |
| In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0. | |||||
| CVE-2024-1345 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | N/A | 6.8 MEDIUM |
| Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password. | |||||
| CVE-2024-1346 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | N/A | 6.8 MEDIUM |
| Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants. | |||||
| CVE-2024-47221 | 1 Rapidscada | 1 Rapid Scada | 2025-03-19 | N/A | 7.5 HIGH |
| CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password. | |||||
| CVE-2022-45635 | 1 Megafeis | 1 Bofei Dbd\+ | 2025-02-26 | N/A | 7.5 HIGH |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy. | |||||
| CVE-2024-22068 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2025-02-07 | N/A | 6.0 MEDIUM |
| Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier. | |||||
| CVE-2023-2106 | 1 Janeczku | 1 Calibre-web | 2025-02-06 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. | |||||
| CVE-2023-24502 | 1 Electra-air | 2 Central Ac Unit, Central Ac Unit Firmware | 2025-02-06 | N/A | 7.5 HIGH |
| Electra Central AC unit – The unit opens an AP with an easily calculated password. | |||||
| CVE-2023-31043 | 1 Enterprisedb | 1 Postgres Advanced Server | 2025-02-04 | N/A | 7.5 HIGH |
| EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0. | |||||