Lucene search
K

2441 matches found

nuclei
nuclei
added 14 hours ago43 views

Netsweeper 4.0.5 - Default Weak Account

The Web Panel in Netsweeper before 4.0.5 has a default password of 'branding' for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. id: CVE-2014-9614 info: name: Netsweeper 4.0.5 - Default Weak Account author: daffainfo severity: critica...

9.8CVSS7.1AI score0.66638EPSS
Exploits1References4
nuclei
nuclei
added 14 hours ago192 views

Jfrog Artifactory <6.17.0 - Default Admin Password

Jfrog Artifactory prior to 6.17.0 uses default passwords such as "password" for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. id: CVE-2019-17444 info: name: Jfrog Artifactory...

9.8CVSS7AI score0.69445EPSS
Exploits0References4
nuclei
nuclei
added 14 hours ago64 views

Brother Printers – Authentication Bypass via Default Admin Password

By leaking a target device's serial number, a remote attacker can generate the target device's default administrator password. The target device may leak its serial number via unauthenticated HTTP, HTTPS, IPP, SNMP, or PJL requests. id: CVE-2024-51978 info: name: Brother Printers – Authentication...

9.8CVSS7.1AI score0.23635EPSS
Exploits0References4
gitlab
gitlab
added 2026/07/06 12:0 a.m.7 views

9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover

The /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED middleware check, which only validates JWT or CLI token...

9.9CVSS5.8AI score0.00685EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2026/07/01 5:16 a.m.10 views

CVE-2026-7839

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

9.1CVSS0.00374EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/01 3:33 a.m.8 views

CVE-2026-7839

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

9.1CVSS5.8AI score0.00374EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/01 3:33 a.m.40 views

CVE-2026-7839 UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

9.1CVSS0.00374EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.11 views

PT-2026-54489

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy ssaved password, 64,...

9.1CVSS5.8AI score0.00374EPSS
Exploits0References10
ibm
ibm
added 2026/06/24 6:29 p.m.3 views

Security Bulletin: Vulnerabilities found in Watson Data Intelligence

Summary Multiple Vulnerabilities were addressed in Watson Data Intelligence version 5.3.1-patch3. Vulnerability Details CVEID:CVE-2025-14917 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expecte...

9.8CVSS6.6AI score0.0504EPSS
Exploits3Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4377

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.5AI score0.00141EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:10 p.m.12 views

CVE-2026-35075

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.5AI score0.00466EPSS
Exploits0References1
nvd
nvd
added 2026/06/03 1:16 p.m.14 views

CVE-2026-35075

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS0.00466EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/03 10:38 a.m.50 views

CVE-2026-35075 Hardcoded default Password for Service Account

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS0.00466EPSS
Exploits0References1
euvd
euvd
added 2026/06/03 10:38 a.m.14 views

EUVD-2026-34071

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/03 10:38 a.m.10 views

CVE-2026-35075

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/03 12:0 a.m.16 views

PT-2026-45916

Name of the Vulnerable Software and Affected Versions Recover firmware affected versions not specified Description An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image, allowing them to gain full access to affected devices. Recommendations At the...

9.8CVSS5.5AI score0.00466EPSS
Exploits0References6
euvd
euvd
added 2026/05/29 5:27 p.m.16 views

EUVD-2026-33395

The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References3
ibm
ibm
added 2026/05/29 9:4 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty, that could provide weaker than expected security ( CVE-2025-14917)

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty, that could provide weaker than expected security CVE-2025-14917. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

9.8CVSS5.8AI score0.00355EPSS
Exploits0Affected Software1
euvd
euvd
added 2026/05/28 12:30 p.m.17 views

EUVD-2026-32860

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.00141EPSS
Exploits0References3
nvd
nvd
added 2026/05/28 10:16 a.m.19 views

CVE-2026-4377

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS0.00141EPSS
Exploits0References2
Rows per page
Query Builder