4242 matches found
CVE-2026-9844 Vulnerability in navify® Digital Pathology
Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...
CVE-2026-9844
The vulnerability CVE-2026-9844 affects Roche Diagnostics navify Digital Pathology, specifically the RabbitMQ Management interface modules, where default credentials are used. Affected versions are navify Digital Pathology 2.0.0 up to (but not including) 2.4.1. The problem is the use of default u...
CVE-2026-9844
Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...
CVE-2026-9844 Vulnerability in navify® Digital Pathology
Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...
EUVD-2026-33923
Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...
PT-2026-45764
Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...
Roche Diagnostics navify Digital Pathology 安全漏洞
Roche Diagnostics navify Digital Pathology is an enterprise-level digital pathology software platform developed by Roche Diagnostics for the management and collaboration of pathological images. Versions 2.0.0 to 2.4.1 of Roche Diagnostics navify Digital Pathology contained security vulnerabilitie...
CVE-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...
Apache Solr 安全漏洞
Apache Solr is a search server based on Lucene, developed by the Apache Foundation in the United States. This product supports faceted searching, vertical searching, and highlighting search results. Vulnerabilities exist in Apache Solr versions 9.4.0 through 9.10.1, as well as 10.0.0, due to...
CVE-2026-9039
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...
CVE-2026-42941
The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change...
Apache ActiveMQ RCE via Jolokia addNetworkConnector
Apache ActiveMQ exposes a Jolokia JMX-over-HTTP API at /api/jolokia/. An authenticated attacker can invoke the addNetworkConnector MBean operation with a crafted URI that causes the broker to fetch a remote Spring XML configuration over HTTP. The Spring XML instantiates a ProcessBuilder bean that...
CVE-2026-42941
The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change...
CVE-2026-42941 MacGregor Voyage Data Recorder (VDR) G4e Use of Default Credentials
The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change...
CVE-2026-42941
The CVE-2026-42941 relates to the Danelec MacGregor Voyage Data Recorder (VDR) G4e, which ships with default credentials and no enforced password change. The confirmed issues include hard-coded/default accounts, an authenticated user being able to download device backups containing account data a...
CVE-2026-42941 MacGregor Voyage Data Recorder (VDR) G4e Use of Default Credentials
The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change...
PT-2026-44927
Name of the Vulnerable Software and Affected Versions Danelec MacGregor Voyage Data Recorder affected versions not specified Description The device contains a default username and password and does not require the user to change the password upon initial setup. Recommendations At the moment, ther...
📄 Apache ActiveMQ Jolokia AddNetworkConnector Remote Code Execution
Apache ActiveMQ exposes a Jolokia JMX-over-HTTP API at /api/jolokia/. An authenticated attacker can invoke the addNetworkConnector MBean operation with a crafted URI that causes the broker to fetch a remote Spring XML configuration over HTTP. The Spring XML instantiates a ProcessBuilder bean that...
Danelec Marine Danelec MacGregor Voyage Data Recorder 安全漏洞
The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. There is a security vulnerability present in the Danelec Marine Danelec MacGregor Voyage Data Recorder, which stems from the inclusion of a default username...
CVE-2026-9039 Initialization of a resource with an insecure default in XCharge C6
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...