
86 matches found

CVE
added 2 days ago · 10 views

CVE-2026-35025

ProFTPD versions affected: 1.3.9b and 1.3.10rc2. Issue: an access control bypass in the RNFR path handling allows authenticated FTP users to bypass Directory ACL restrictions by prefixing paths with /proc/self/root. Root cause: unresolved symlink components in dir_canonical_path() cause dir_check...

CVSS 8.6 · AI score 5.9 · EPSS 0.00345
Exploits: 0 · References: 3

NVD
added 2026/06/17 11:17 p.m. · 7 views

CVE-2026-54445

vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username root and password root. This is not ideal because attackers know that almost all vantage6 servers have a user with username root that probably has admin rights,...

CVSS 6.9 · EPSS 0.00292
Exploits: 0 · References: 3

OSV
added 2026/06/05 4:26 p.m. · 6 views

GHSA-H535-J5HR-MV56 DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE

The unzipDirectory function in packages/api/src/shell/unzipDirectory.js line 27 does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...

CVSS 9.3 · AI score 5.5 · EPSS 0.00058
Exploits: 0 · References: 3

RedhatCVE
added 2026/05/14 7:58 p.m. · 7 views

CVE-2026-44218

ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. This vulnerability is fixed in 0.8.2...

CVSS 3 · AI score 5.8 · EPSS 0.00122
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/09 11:4 a.m. · 5 views

CVE-2016-2360

Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations...

CVSS 9.8 · AI score 7.2 · EPSS 0.02064
Exploits: 1 · References: 1

EUVD
added 2025/12/04 12:0 a.m. · 3 views

EUVD-2025-201181

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with netwo...

AI score 7.3 · EPSS 0.00388
Exploits: 0 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2009-1740

Malware in sbrugna...

CVSS 10 · AI score 6.4 · EPSS 0.02146
Exploits: 0 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2008-5083

Malware in sbrugna...

CVSS 7.2 · AI score 6.4 · EPSS 0.00471
Exploits: 1 · References: 7

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2007-6050

Malware in sbrugna...

CVSS 7.5 · AI score 9.2 · EPSS 0.01359
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2011-1623

Malware in sbrugna...

CVSS 10 · AI score 6.4 · EPSS 0.01571
Exploits: 0 · References: 6

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-30192

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.5 · EPSS 0.00406
Exploits: 0 · References: 3

NVD
added 2025/09/18 9:15 p.m. · 5 views

CVE-2025-30519

Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system...

CVSS 9.8 · EPSS 0.00406
Exploits: 0 · References: 2

CNNVD
added 2025/09/18 12:0 a.m. · 3 views

Dover Fueling Solutions ProGauge MagLink LX4 Security Vulnerability

The Dover Fueling Solutions ProGauge MagLink LX4 is an automated tank gauging system console from Dover Fueling Solutions, USA. A security vulnerability exists in several Dover products that stems from the use of default root credentials that cannot be changed through standard administrative...

CVSS 9.8 · AI score 6.8 · EPSS 0.00406
Exploits: 0 · References: 3

Veracode
added 2025/09/05 10:20 a.m. · 6 views

Privilege Escalation

github.com/kubernetes-sigs/image-builder is vulnerable to privilege escalation. The vulnerability is due to default root credentials being enabled during the Windows image build process with Nutanix or VMware OVA providers, which allows an attacker with access to the build VM to modify the image...

CVSS 7.5 · AI score 7 · EPSS 0.00336
Exploits: 0 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/08/19 11:19 p.m. · 16 views

CVE-2025-7342

A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters...

CVSS 7.5 · AI score 6.5 · EPSS 0.00336
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 1:47 a.m. · 7 views

CVE-2023-20040

A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group...

CVSS 5.5 · AI score 7.2 · EPSS 0.01242
Exploits: 0 · References: 1

Tenable Nessus
added 2025/04/15 12:0 a.m. · 8 views

RHEL 6 : cfme (RHSA-2015:0028)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0028 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...

CVSS 10 · AI score 8.2 · EPSS 0.02946
Exploits: 0 · References: 34

Positive Technologies
added 2024/09/18 12:0 a.m. · 6 views

PT-2024-32300 · Runofast · Runofast Indoor Security Camera For Baby Monitor

Name of the Vulnerable Software and Affected Versions: runofast Indoor Security Camera for Baby Monitor (affected versions not specified). Description: The issue concerns a default password set as password for the root account, allowing unauthorized access to the "/stream1" URI via the rtsp://...

CVSS 6.5 · AI score 7.5 · EPSS 0.00229
Exploits: 0 · References: 4

CNNVD
added 2024/09/18 12:0 a.m. · 5 views

runofast Indoor Security Camera for Baby Monitor Security Vulnerability

runofast Indoor Security Camera for Baby Monitor is a 1080P HD home monitoring device for baby monitoring. A security vulnerability exists in the runofast Indoor Security Camera for Baby Monitor that stems from the default password for the root account being password. This allows access to the...

CVSS 6.5 · AI score 6.9 · EPSS 0.00229
Exploits: 0 · References: 2

OSV
added 2024/02/02 2:15 a.m. · 5 views

CVE-2024-22902

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials...

CVSS 9.8 · AI score 5.7 · EPSS 0.01147
Exploits: 4 · References: 6