6 matches found
Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim
Summary: An unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without authentication, and the request-encryption flow only protects payload confidentiality in...
CVE-2025-35970
On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the...
FUJIFILM FRONTIER DX400W Security Vulnerability
FUJIFILM FRONTIER DX400W is a compact inkjet photo printer from FUJIFILM of Japan. A security vulnerability exists in the FUJIFILM FRONTIER DX400W that stems from the initial administrator password being guessable, which could result in elevated privileges...
CVE-2020-24739
A CSRF vulnerability was found in iCMS v7.0.0 in the back-end function that deletes administrator accounts. Because requests are still processed normally when the CSRFTOKEN is missing, all administrators except the initial administrator will be deleted...
Satellite: Interface to create the initial administrator user remains open after installation
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts...
Satellite: Interface to create the initial administrator user remains open after installation
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts...