CVE-2025-64062

The Primakon Pi Portal 1.0.18 /api/V2/ppusers?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value e.g., [email protected], an attacker can assume the session and gain...

EUVD-2025-28745

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-6519

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-6519 Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

K000153161: Ansible Tower vulnerability CVE-2019-19340

Security Advisory Description A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmqenablemanager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is sti...

Improper Authentication

github.com/rancher/rancher is vulnerable to Improper Authentication. The vulnerability is due to the default admin user being recreated with a well-known password after Rancher restarts...

Design/Logic Flaw

authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...

CVE-2023-46249 authentik potential installation takeover when default admin user is deleted

authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...

CVE-2023-46249 authentik potential installation takeover when default admin user is deleted

authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...

CVE-2019-19340

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmqenablemanager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could...

CVE-2019-11202

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may...

CVE-2019-11202

CVE-2019-11202 affects Rancher versions v2.0.0–v2.0.13, v2.1.0–v2.1.8, and v2.2.0–v2.2.1. On first start Rancher creates a default admin user with a well-known password; after initial setup, the admin can delete it, but upon restart the default user is recreated with the same password. An attacke...

UserPro <= 4.9.17 - Authentication Bypass

The userpro plugin has the ability to bypass login authentication for the user 'admin'. If the site does not use the standard username 'admin' it is not affected. 1 - Google Dork inurl:/plugins/userpro 2 - Browse to a site that has the userpro plugin installed. 3 - Append ?upautolog=true to the...