
318 matches found

ATTACKERKB
added 2026/01/26 5:39 p.m., 3 views

CVE-2026-24429

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated acce...

CVSS 9.3, AI score 5.9, EPSS 0.00371
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/21 12:0 a.m., 5 views

Konica Bizhub Multifunction Printers Use of Weak Credentials (CVE-2024-51978)

An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

CVSS 9.8, AI score 8, EPSS 0.7656
Exploits: 0, References: 4
OSV
added 2026/01/15 8:14 p.m., 6 views

GHSA-W54X-R83C-X79Q Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode

Severity: LOW. Target: /workspace/pepr/src/lib/assets/rbac.ts. Endpoint: Kubernetes RBAC configuration. Method: Deployment. Response / Rationale: Pepr defaults to rbacMode: "admin" because the initial experience is designed to be frictionless for new users. This mode ensures that users can deploy and...

CVSS 6.3, AI score 6.5, EPSS 0.00227
Exploits: 0, References: 6
RedhatCVE
added 2026/01/09 12:11 p.m., 8 views

CVE-2018-18377

goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to log in using the default admin:admin credentials...

CVSS 7.5, AI score 7, EPSS 0.00919
Exploits: 1, References: 1
Vulnrichment
added 2026/01/09 11:54 a.m., 5 views

CVE-2025-66051 Path traversal in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor ha...

CVSS 6.9, AI score 6.4, EPSS 0.0071
Exploits: 0, References: 1
CVE
added 2026/01/09 11:53 a.m., 9 views

CVE-2025-66050

CVE-2025-66050 (Vivotek IP7137, firmware 0200a) is linked to multiple issues: path traversal (CVE-2025-66051), information disclosure via RTSP without authentication (CVE-2025-66049), and command injection through /cgi-bin/admin/setparam.cgi (CVE-2025-66052). All references indicate default admin...

CVSS 9.8, AI score 6.5, EPSS 0.00334
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/01/09 11:53 a.m., 48 views

CVE-2025-66050 No password set for administrative account in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a by default does not require any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions...

CVSS 9.3, EPSS 0.00334
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 10:9 a.m., 10 views

CVE-2019-11202

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may...

CVSS 9.8, AI score 6.6, EPSS 0.01604
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:53 a.m., 8 views

CVE-2020-10965

Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2...

CVSS 8.1, AI score 7.1, EPSS 0.01439
Exploits: 1, References: 1
Positive Technologies
added 2025/12/22 12:0 a.m., 5 views

PT-2025-52680

Name of the Vulnerable Software and Affected Versions: ClipBucket version 5.5.2. Description: The software is affected by an improper access control issue stemming from hardcoded default administrative credentials. An unauthenticated remote attacker can leverage these credentials to log in to the...

CVSS 9.8, AI score 7, EPSS 0.00574
Exploits: 1, References: 7
CVE
added 2025/12/22 12:0 a.m., 16 views

CVE-2025-67418

ClipBucket 5.5.2 is affected by an improper access control flaw caused by hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these defaults, gaining full administrative control of the application. This CVE entry is support...

CVSS 9.8, AI score 6.8, EPSS 0.00574
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2025/11/26 12:42 a.m., 8 views

CVE-2025-64062

The Primakon Pi Portal 1.0.18 /api/V2/ppusers?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value e.g., [email protected], an attacker can assume the session and gain...

CVSS 8.8, AI score 7, EPSS 0.00246
Exploits: 0, References: 1
Positive Technologies
added 2025/11/06 12:0 a.m., 4 views

PT-2025-45340

Name of the Vulnerable Software and Affected Versions: WatchGuard Firebox versions through 2025-09-10. Description: The default configuration of WatchGuard Firebox devices allows administrative access via SSH on port 4118 using the default 'readwrite' password for the 'admin' account. This allows...

CVSS 9.8, AI score 7.3, EPSS 0.00043
Exploits: 3, References: 12
OSV
added 2025/10/30 3:2 p.m., 4 views

GO-2025-4040 NetBird VPN does not remove the default password of an admin account in github.com/netbirdio/netbird

NetBird VPN does not remove the default password of an admin account in github.com/netbirdio/netbird...

CVSS 9.3, AI score 7.1, EPSS 0.0038
Exploits: 0, References: 5
SUSE CVE
added 2025/10/21 11:32 p.m., 4 views

SUSE CVE-2025-10678

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...

CVSS 9.3, AI score 7.1, EPSS 0.0038
Exploits: 0, References: 3
OSV
added 2025/10/20 6:30 p.m., 4 views

GHSA-G3J4-58MP-3X25 NetBird VPN does not remove the default password of an admin account

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...

CVSS 9.3, AI score 7, EPSS 0.0038
Exploits: 0, References: 5
Github Security Blog
added 2025/10/20 6:30 p.m., 9 views

NetBird VPN does not remove the default password of an admin account

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...

CVSS 9.3, AI score 7.1, EPSS 0.0038
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2025/10/20 4:15 p.m., 3 views

CVE-2025-10678

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...

CVSS 9.3, EPSS 0.0038
Exploits: 0, References: 2
Cvelist
added 2025/10/20 3:41 p.m., 8 views

CVE-2025-10678 Admin with default credentials in NetBird VPN

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not...

CVSS 9.3, EPSS 0.0038
Exploits: 0, References: 2
EUVD
added 2025/10/10 3:31 p.m., 3 views

EUVD-2025-28745

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVSS 9.8, AI score 6.6, EPSS 0.00501
Exploits: 0, References: 2