Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the plugin installation process on CI test instances with default admin credentials. An attacker can execute arbitrary code and access sensitive configuration data by uploading a malicious plugin after changin...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the plugin installation process on CI test instances with default admin credentials. An attacker can execute arbitrary code and access sensitive configuration data by uploading a malicious plugin after changin...

CVE-2026-2462

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

CVE-2026-2462

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

PT-2026-25700

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

EUVD-2023-31322

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

CVE-2026-22886

OpenMQ exposes a TCP-based management service imqbrokerd that by default requires authentication. However, the product ships with a default administrative account admin/ admin and does not enforce a mandatory password change on first use. After the first successful login, the server continues to...

CVE-2026-22886

OpenMQ exposes a TCP-based management service imqbrokerd that by default requires authentication. However, the product ships with a default administrative account admin/ admin and does not enforce a mandatory password change on first use. After the first successful login, the server continues to...

OpenMQ 安全漏洞

OpenMQ is a Java EE open-source message flow middleware. There is a security vulnerability in OpenMQ. This vulnerability arises from the default use of administrator credentials and the lack of a requirement to change the password during the first use. This could allow a remote attacker to obtain...

CVE-2026-1937

CVE-2026-1937 affects the YayMail – WooCommerce Email Customizer WordPress plugin up to version 4.3.2. The root cause is a missing capability check on the yaymail_import_state AJAX action, allowing authenticated attackers with Shop Manager-level access or higher to modify arbitrary WordPress opti...

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

CVE-2026-25803

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

CVE-2020-37135 AMSS++ 4.7 - Backdoor Admin Account

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system...

CVE-2020-37135 AMSS++ 4.7 - Backdoor Admin Account

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system...

CVE-2026-25803 3DP-MANAGER Uses Hard-coded Credentials

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials admin/admin upon the first initialization. Attackers with network access to the application's login interface can gain full...

PT-2026-6836

Name of the Vulnerable Software and Affected Versions 3DP-MANAGER versions 2.0.1 and prior Description 3DP-MANAGER, an inbound generator for 3x-ui, automatically creates an administrative account with default credentials admin/admin upon initial setup. An attacker with network access to the...