Lucene search
+L

707 matches found

RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.7 views

CVE-2025-59785

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

7.2CVSS5.9AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.11 views

EUVD-2025-208278

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

5.3CVSS5.9AI score0.00189EPSS
Exploits0References2
NVD
NVD
added 2026/03/04 4:16 p.m.17 views

CVE-2025-59785

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

7.2CVSS0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 4:16 p.m.5 views

CVE-2025-59785

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

7.2CVSS5.8AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 3:30 p.m.16 views

CVE-2025-59785

CVE-2025-59785 affects 2N Access Commander, with affected versions prior to 3.4.3. The root cause is improper validation of an API endpoint in the product, which can allow bypassing the password policy used for backup file encryption. Exploitation requires administrator privileges (authenticated ...

7.2CVSS5.9AI score0.00189EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/04 3:30 p.m.39 views

CVE-2025-59785 API - Insufficient Input Validation

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

5.3CVSS0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.10 views

2N Access Commander 安全漏洞

2N Access Commander is an access control solution provided by 2N Corporation. Versions of 2N Access Commander prior to 3.4.2 contained security vulnerabilities. These vulnerabilities were due to improper validation of API endpoints, which could allow bypassing password policies that rely on backu...

7.2CVSS5.8AI score0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-22932

Name of the Vulnerable Software and Affected Versions 2N Access Commander versions prior to 3.4.3 Description A flaw exists in the validation of an API endpoint in 2N Access Commander that could allow an attacker to bypass the password policy for backup file encryption. Successful exploitation...

7.2CVSS5.9AI score0.00189EPSS
Exploits0References7
OSV
OSV
added 2026/02/27 2:17 a.m.4 views

GO-2026-4551 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change in code.vikunja.io/api

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change in code.vikunja.io/api...

9.1CVSS5.8AI score0.00428EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/25 10:2 p.m.8 views

EUVD-2026-8751

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change...

9.1CVSS5.3AI score0.00428EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/02/25 10:2 p.m.9 views

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...

9.1CVSS5.4AI score0.00428EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/25 10:2 p.m.4 views

GHSA-3CCG-X393-96V8 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...

9.1CVSS5.5AI score0.00428EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/25 12:0 a.m.10 views

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...

9.1CVSS5.4AI score0.00428EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 3:56 p.m.5 views

CVE-2026-25715 Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements

The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all...

9.8CVSS5.6AI score0.0057EPSS
Exploits0References2
CVE
CVE
added 2026/02/02 2:12 p.m.15 views

CVE-2022-50981

CVE-2022-50981 affects Innomic VibroLine VLX HD 5.0 and avibia AVLX (per CVE records). Affected devices are shipped with no password by default, and password setting is not enforced. This creates an unauthenticated remote access risk where an attacker could gain full control. The Red Hat, NVD, CV...

9.8CVSS5.6AI score0.00527EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/02 2:12 p.m.33 views

CVE-2022-50981 Multiple Innomic VibroLine VLX HD 5.0 and avibia AVLX weak password requirements

An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced...

9.8CVSS0.00527EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/01/28 10:30 a.m.8 views

Password Reuse in Disguise: An Often-Missed Risky Workaround

When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remain...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/20 6:18 p.m.7 views

CVE-2025-55252

HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access...

9.8CVSS5.4AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2026/01/19 7:16 p.m.3 views

CVE-2025-55252

HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access...

9.8CVSS5.8AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/01/19 7:16 p.m.14 views

CVE-2025-55252

HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access...

9.8CVSS0.00149EPSS
Exploits0References1
Rows per page
Query Builder