318 matches found

Vulnrichment
added 2025/09/29 9:0 p.m., 2 views

CVE-2025-54591 FreshRSS: Unauthenticated users can view default user's information

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

7.5 CVSS, 6.2 AI score, 0.00389 EPSS
Exploits 1, References 3

OSV
added 2025/09/29 9:0 p.m., 3 views

CVE-2025-54591 FreshRSS: Unauthenticated users can view default user's information

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

7.5 CVSS, 6.6 AI score, 0.00389 EPSS
Exploits 1, References 5

Cvelist
added 2025/09/29 8:38 p.m., 9 views

CVE-2025-34223 Vasion Print (formerly PrinterLogic) Insecure Installation Credentials

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...

10 CVSS, 0.01167 EPSS
Exploits 1, References 4

Vulnrichment
added 2025/09/29 8:38 p.m., 2 views

CVE-2025-34223 Vasion Print (formerly PrinterLogic) Insecure Installation Credentials

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...

10 CVSS, 6.9 AI score, 0.01167 EPSS
Exploits 1, References 4

ATTACKERKB
added 2025/09/29 8:38 p.m., 4 views

CVE-2025-34223

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments contain a default admin account and an installation‑time endpoint at /admin/query/updatedatabase.php that can be accessed without authentication. An...

10 CVSS, 6 AI score, 0.01167 EPSS
Exploits 1, References 5

CVE
added 2025/09/29 8:38 p.m., 19 views

CVE-2025-34223

CVE-2025-34223 affects Vasion Print Virtual Appliance Host (pre-22.0.1049) and Vasion Print Application (pre-20.0.2786). An unauthenticated attacker can reach an installation-time endpoint at /admin/query/update_database.php, submit arbitrary root_user/root_password values, and replace the defaul...

10 CVSS, 6.9 AI score, 0.01167 EPSS
Exploits 1, References 4, Affected Software 2

Positive Technologies
added 2025/09/29 12:0 a.m., 2 views

PT-2025-39901

Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.26.3 and below Description FreshRSS, a self-hostable RSS aggregator, discloses information about feeds and tags belonging to default admin users. This is due to missing access controls within the FreshRSS Auth::hasAccess...

7.5 CVSS, 6.4 AI score, 0.00389 EPSS
Exploits 1, References 8

Vulnrichment
added 2025/09/25 2:35 p.m., 3 views

CVE-2025-10542 Insecure Default Admin Credentials Enable Full Administrative Access in iMonitor EAM

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and dat...

6.8 AI score, 0.0067 EPSS
Exploits 0, References 1

CNNVD
added 2025/09/25 12:0 a.m., 1 view

iMonitor EAM Security Vulnerability

iMonitor EAM is an employee computer network activity monitoring software from iMonitor USA. A security vulnerability exists in iMonitor EAM version 9.6394, which stems from the use of default administrative credentials without mandatory modifications, which could allow a remote attacker to take...

9.8 CVSS, 6.8 AI score, 0.0067 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/09/24 4:34 p.m., 4 views

CVE-2025-35042

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.2...

9.8 CVSS, 7.1 AI score, 0.00403 EPSS
Exploits 0, References 1

NVD
added 2025/09/22 4:15 p.m., 4 views

CVE-2025-35042

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.2...

9.8 CVSS, 0.00403 EPSS
Exploits 0, References 2

OSV
added 2025/09/22 4:15 p.m., 1 view

CVE-2025-35042

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.2...

9.3 CVSS, 5.8 AI score, 0.00403 EPSS
Exploits 0, References 2

CVE
added 2025/09/22 3:57 p.m., 23 views

CVE-2025-35042

CVE-2025-35042 affects Airship AI Acropolis. A default administrative account with identical credentials across installations allows remote login and privilege escalation if the password is not changed. Affected versions prior to fixes are vulnerable; remediation is to upgrade to 10.2.35, 11.0.21...

9.8 CVSS, 6.8 AI score, 0.00403 EPSS
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2025/09/22 12:0 a.m., 6 views

PT-2025-38738

Name of the Vulnerable Software and Affected Versions Airship AI Acropolis versions prior to 10.2.35 Airship AI Acropolis versions prior to 11.0.21 Airship AI Acropolis versions prior to 11.1.9 Description Airship AI Acropolis includes a default administrative account that uses the same credentia...

9.8 CVSS, 6.9 AI score, 0.00403 EPSS
Exploits 0, References 7

RedhatCVE
added 2025/09/19 1:27 p.m., 2 views

CVE-2025-8077

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default...

9.8 CVSS, 6.7 AI score, 0.0052 EPSS
Exploits 0, References 1

NVD
added 2025/09/18 9:15 p.m., 7 views

CVE-2025-57295

H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access ca...

8 CVSS, 0.00381 EPSS
Exploits 1, References 2

Positive Technologies
added 2025/09/18 12:0 a.m., 6 views

PT-2025-38476

Name of the Vulnerable Software and Affected Versions H3C devices versions NX15V100R015 Description H3C devices are susceptible to unauthorized access due to insecure default credentials. The root user account lacks a password, and the H3C user account utilizes the default password “admin”, both...

8 CVSS, 7.6 AI score, 0.00381 EPSS
Exploits 1, References 6

CVE
added 2025/09/17 12:33 p.m., 23 views

CVE-2025-8077

CVE-2025-8077 describes a vulnerability in NeuVector up to version 5.4.5 where the built-in admin account uses a fixed string as the default password. If this password is not changed after deployment, any workload with network access within the cluster could use the default credentials to obtain ...

9.8 CVSS, 6.7 AI score, 0.0052 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/09/17 12:33 p.m., 1 view

CVE-2025-8077 NeuVector admin account has insecure default password

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default...

9.8 CVSS, 6.7 AI score, 0.0052 EPSS
Exploits 0, References 2

CNNVD
added 2025/09/17 12:0 a.m., 3 views

NeuVector Security Vulnerability

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in NeuVector versions 5.4.5 and earlier, which stems...

9.8 CVSS, 6.7 AI score, 0.0052 EPSS
Exploits 0, References 2