CVE-2026-9039 Initialization of a resource with an insecure default in XCharge C6

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

Hitachi SuprOS security vulnerabilities

Hitachi SuprOS is a centralized management system for power distribution automation and communication devices developed by Hitachi, a Japanese company. Hitachi SuprOS has a security vulnerability, which stems from the presence of default credentials. This vulnerability could allow authenticated...

CVE-2022-38556

Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh...

CVE-2022-38557

D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh...

EUVD-2019-5078

Malware in sbrugna...

EUVD-2019-5077

Malware in sbrugna...

EUVD-2023-53563

Malicious code in bioql PyPI...

EUVD-2024-45755

Malicious code in bioql PyPI...

EUVD-2024-45757

Malicious code in bioql PyPI...

EUVD-2022-41135

Malicious code in bioql PyPI...

EUVD-2022-26168

Malicious code in bioql PyPI...

EUVD-2025-25257

Malicious code in bioql PyPI...

EUVD-2022-36901

Malicious code in bioql PyPI...

EUVD-2022-41134

Malicious code in bioql PyPI...

GHSA-8PJC-487G-W6P2 vulnerabilities

Vulnerabilities for packages: gobuster, dapr, dive, kubernetes-dashboard-auth, wal-g, kuberlr, kubernetes-dashboard-web, gcp-compute-persistent-disk-csi-driver, ko, oauth2-proxy, tempo, kubernetes-dashboard-api, terraform, chart-testing, migrate, opentofu, nri-consul, vault-csi-provider, eksctl,...

CVE-2025-57789 Vulnerability in Initial Administrator Login Process

During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...

CVE-2025-53758 Default Credential Vulnerability in Digisol DG-GR6821AC Router

This vulnerability exists in Digisol DG-GR6821AC Router due to use of default admin credentials at its web management interface. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the hardcoded default...

CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)

In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server versions 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution RCE against the device as the root user. While...

CVE-2022-33862

IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems...

Curl 7.76.0 < 8.12.0 Default Credential Leak (CVE-2025-0167)

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...