707 matches found
CVE-2025-59785
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
EUVD-2025-208278
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59785
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59785
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59785
CVE-2025-59785 affects 2N Access Commander, with affected versions prior to 3.4.3. The root cause is improper validation of an API endpoint in the product, which can allow bypassing the password policy used for backup file encryption. Exploitation requires administrator privileges (authenticated ...
CVE-2025-59785 API - Insufficient Input Validation
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
2N Access Commander 安全漏洞
2N Access Commander is an access control solution provided by 2N Corporation. Versions of 2N Access Commander prior to 3.4.2 contained security vulnerabilities. These vulnerabilities were due to improper validation of API endpoints, which could allow bypassing password policies that rely on backu...
PT-2026-22932
Name of the Vulnerable Software and Affected Versions 2N Access Commander versions prior to 3.4.3 Description A flaw exists in the validation of an API endpoint in 2N Access Commander that could allow an attacker to bypass the password policy for backup file encryption. Successful exploitation...
GO-2026-4551 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change in code.vikunja.io/api
Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change in code.vikunja.io/api...
EUVD-2026-8751
Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change...
Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...
GHSA-3CCG-X393-96V8 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...
Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...
CVE-2026-25715 Jinan USR IOT Technology Limited (PUSR) USR-W610 Weak Password Requirements
The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all...
CVE-2022-50981
CVE-2022-50981 affects Innomic VibroLine VLX HD 5.0 and avibia AVLX (per CVE records). Affected devices are shipped with no password by default, and password setting is not enforced. This creates an unauthenticated remote access risk where an attacker could gain full control. The Red Hat, NVD, CV...
CVE-2022-50981 Multiple Innomic VibroLine VLX HD 5.0 and avibia AVLX weak password requirements
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced...
Password Reuse in Disguise: An Often-Missed Risky Workaround
When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remain...
CVE-2025-55252
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access...
CVE-2025-55252
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access...
CVE-2025-55252
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access...