106 matches found

CVE
added 2026/05/28 7:7 p.m., 8 views

CVE-2026-9039

CVE-2026-9039 affects the XCharge C6 via a configuration weakness in the device’s remote management service. An authenticated session can be established over a channel intended only for vehicle-charger signaling. The service is exposed on interfaces at the charging connector and accepts a default...

8.6 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 1
EUVD
added 2026/05/19 1:45 p.m., 8 views

EUVD-2026-30937

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

9.8 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits 0, References 2
OSV
added 2026/05/05 7:16 p.m., 2 views

PYSEC-2026-119

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8 CVSS, 5.7 AI score, 0.00084 EPSS
Exploits 1, References 1
ATTACKERKB
added 2026/05/05 6:35 p.m., 1 view

CVE-2026-27960

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8 CVSS, 5.7 AI score, 0.00084 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2026/05/05 6:35 p.m., 2 views

CVE-2026-27960

OpenCTI suffers a privilege escalation in versions 6.6.0–6.9.12 that allows unauthenticated attackers to query the API as any existing user, including the default admin account. The issue has been fixed in version 6.9.13. As a temporary mitigation, the default admin can be disabled via APP__ADMIN...

9.8 CVSS, 5.7 AI score, 0.00084 EPSS
Exploits 1, References 1, Affected Software 1
CNNVD
added 2026/05/05 12:0 a.m., 4 views

OpenCTI authorization issue vulnerability

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions 6.6.0 to 6.9.12 of OpenCTI have vulnerabilities related to authorization. Attackers can exploit these vulnerabilities to access the API as any existing user, including the default administrator account...

9.8 CVSS, 5.8 AI score, 0.00084 EPSS
Exploits 1, References 2
RedhatCVE
added 2026/03/31 4:59 a.m., 1 view

CVE-2026-34472

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...

7.1 CVSS, 5.9 AI score, 0.00829 EPSS
Exploits 3, References 1
ATTACKERKB
added 2026/03/20 5:25 a.m., 2 views

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1 CVSS, 6.3 AI score, 0.00192 EPSS
Exploits 1, References 3, Affected Software 1
SUSE CVE
added 2026/03/11 5:37 p.m., 0 views

SUSE CVE-2025-3063

The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxcallbackupdatesaoption function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with...

8.8 CVSS, 5.9 AI score, 0.00155 EPSS
Exploits 0, References 2
EUVD
added 2026/03/11 6:31 a.m., 5 views

EUVD-2026-11097

The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option datalogicstoken without verification. This token is subsequently used for authentication in a protected endpoint that allows users to perform...

9.8 CVSS, 5.9 AI score, 0.00082 EPSS
Exploits 2, References 2
ATTACKERKB
added 2026/03/03 9:18 a.m., 2 views

CVE-2026-22886

OpenMQ exposes a TCP-based management service imqbrokerd that by default requires authentication. However, the product ships with a default administrative account admin/admin and does not enforce a mandatory password change on first use. After the first successful login, the server continues to...

9.8 CVSS, 6 AI score, 0.00266 EPSS
Exploits 0, References 2
CNNVD
added 2026/02/12 12:0 a.m., 2 views

newbee-mall trust management issue vulnerability

newbee-mall is an open-source e-commerce system developed by newbee. newbee-mall has a vulnerability related to trust management. This vulnerability stems from the database initialization script, which includes pre-set administrator accounts with predictable default passwords. This allows...

9.8 CVSS, 5.8 AI score, 0.00204 EPSS
Exploits 1, References 3
RedhatCVE
added 2025/10/23 6:59 a.m., 3 views

CVE-2025-41719

A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password...

8.8 CVSS, 6.8 AI score, 0.00159 EPSS
Exploits 0, References 1
NVD
added 2025/10/22 7:15 a.m., 1 view

CVE-2025-41719

A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password...

8.8 CVSS, 0.00159 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/10/22 6:48 a.m., 4 views

CVE-2025-41719 Sauter: Improper Validation of user-controlled data

A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password...

8.8 CVSS, 6.5 AI score, 0.00159 EPSS
Exploits 0, References 1
EUVD
added 2025/10/22 6:48 a.m., 2 views

EUVD-2025-35337

A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password...

8.8 CVSS, 6.3 AI score, 0.00159 EPSS
Exploits 0, References 2
Cvelist
added 2025/10/22 6:48 a.m., 12 views

CVE-2025-41719 Sauter: Improper Validation of user-controlled data

A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password...

8.8 CVSS, 0.00159 EPSS
Exploits 0, References 1
CNNVD
added 2025/10/22 12:0 a.m., 2 views

Sauter modu680-AS security vulnerability

Sauter modu680-AS is a modular automation station cum web server from Sauter, Switzerland. A security vulnerability exists in the Sauter modu680-AS that originates from a low-privileged remote attacker who can corrupt the web server user store on the appliance by setting a series of unsupported...

8.8 CVSS, 6.8 AI score, 0.00159 EPSS
Exploits 0, References 2
CNNVD
added 2025/10/20 12:0 a.m., 3 views

NetBird VPN security vulnerability

NetBird VPN is an open source proxy software from NetBird. A security vulnerability exists in NetBird VPN that stems from the failure to remove or change the default administrator account password created by ZITADEL during installation...

9.3 CVSS, 6.6 AI score, 0.00068 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-14228

Malware in sbrugna...

9.8 CVSS, 8.2 AI score, 0.00808 EPSS
Exploits 0, References 3