Lucene search
K

2440 matches found

Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20862

Name of the Vulnerable Software and Affected Versions MLflow affected versions not specified Description MLflow is susceptible to an authentication bypass due to the use of default passwords. This allows unauthorized access to the system. The issue involves a critical security flaw with a CVSS...

9.8CVSS8.5AI score0.00968EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.6 views

PT-2026-8388

Name of the Vulnerable Software and Affected Versions Rocket TRUfusion Enterprise versions through 7.10.5 Description Rocket TRUfusion Enterprise through version 7.10.5 has a path traversal issue in the WsPortalV6UpDwAxis2Impl service, accessible via the API endpoint...

9.9CVSS6.2AI score0.01027EPSS
Exploits1References17
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.6 views

CVE-2025-54756

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all...

8.6CVSS5.5AI score0.00126EPSS
Exploits0References1
NVD
NVD
added 2026/02/12 7:15 p.m.7 views

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8CVSS0.00367EPSS
Exploits1References2
OSV
OSV
added 2026/02/12 7:15 p.m.4 views

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8CVSS5.8AI score0.00367EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/12 6:38 p.m.4 views

CVE-2026-26218 newbee-mall Default Seeded Administrator Credentials Allow Account Takeover

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8CVSS5.5AI score0.00367EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/12 6:38 p.m.25 views

CVE-2026-26218 newbee-mall Default Seeded Administrator Credentials Allow Account Takeover

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8CVSS0.00367EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/12 6:38 p.m.4 views

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

9.8CVSS5.5AI score0.00367EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/02/12 5:16 p.m.7 views

CVE-2025-54756

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all...

8.6CVSS0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/02/12 4:34 p.m.11 views

CVE-2025-54756

CVE-2025-54756 affects BrightSign players running BrightSign OS. The vulnerability arises from the use of a default password that is guessable given knowledge of the device information, enabling potential unauthorized access. Affected versions are BrightSign OS Series 4 prior to 8.5.53.1 and Seri...

8.6CVSS5.5AI score0.00126EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/07 7:30 p.m.6 views

CVE-2026-25753

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.8CVSS5.4AI score0.00356EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 11:14 p.m.5 views

CVE-2020-37135

AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system...

9.3CVSS5.4AI score0.00428EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/02/06 7:16 p.m.8 views

CVE-2026-25753

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.8CVSS0.00356EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/06 6:57 p.m.5 views

CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.3CVSS5.5AI score0.00356EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 6:57 p.m.6 views

CVE-2026-25753

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.3CVSS5.4AI score0.00356EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/02/06 6:57 p.m.4 views

EUVD-2026-5623

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.3CVSS5.4AI score0.00356EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 6:57 p.m.17 views

CVE-2026-25753

PlaciPy (educational placement system) v1.0.0 has a hard-coded, static default password for all newly created student accounts, enabling mass account takeover. The vulnerability, described across multiple sources (NVD, Red Hat, CVE lists, OSV, ENISA, Attackerkb), states that any attacker who know...

9.8CVSS5.4AI score0.00356EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/06 6:57 p.m.31 views

CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.3CVSS0.00356EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.6 views

PT-2026-6818

Name of the Vulnerable Software and Affected Versions AMSS++ version 4.7 Description AMSS++ 4.7 has a flaw that permits unauthorized access to administrative accounts. This is due to the use of hardcoded credentials, specifically the default username 'admin' and password '1234'. Successful...

9.3CVSS5.4AI score0.00428EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.7 views

PT-2026-6779

Name of the Vulnerable Software and Affected Versions PlaciPy version 1.0.0 Description PlaciPy, a placement management system for educational institutions, uses a hard-coded, static default password for all newly created student accounts in version 1.0.0. This allows for mass account takeover,...

9.8CVSS5.4AI score0.00356EPSS
Exploits0References8
Rows per page
Query Builder