31 matches found
CVE-2026-42941
CVE-2026-42941 relates to the Danelec MacGregor Voyage Data Recorder (VDR) G4e, which ships with default credentials and no enforced password change. The confirmed issues include hard-coded/default accounts, an authenticated user being able to download device backups containing account data a...
CVE-2026-22886
OpenMQ exposes a TCP-based management service, imqbrokerd, that by default requires authentication. However, the product ships with a default administrative account admin/admin and does not enforce a mandatory password change on first use. After the first successful login, the server continues to...
Application User custom defined accounts are not properly password protected in Brocade ASCG 3.4.0 (CVE-2026-0869)
Application User accounts with Brocade ASCG application privileges created by the administrator are not properly being password enforced. Any other user that learns of the assigned user name can access the custom created application manager account and gain access to the Brocade ASCG application...
CVE-2026-25791
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored...
CVE-2022-50981
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced...
EUVD-2022-55958
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced...
PT-2026-5668
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced...
CVE-2021-28914
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows the user to set a weak password because the strength is shown in the configuration tool but ultimately not enforced. This is usable and part of an attack chain to gain SSH root access...
Weak Password Requirements
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Weak Password Requirements due to insufficient enforcement of password complexity requirements during the user creati...
Survision LPR Camera Access Control Error Vulnerability
Survision LPR Camera is a license plate recognition camera from Survision France. An access control error vulnerability exists in Survision LPR Camera that stems from password protection not being enforced by default, which could lead to unauthorized access...
EUVD-2011-4226
Malware in sbrugna...
EUVD-2020-17740
Malware in sbrugna...
EUVD-2021-15567
Malware in sbrugna...
EUVD-2007-0826
Malware in sbrugna...
CVE-2024-22330
IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
CVE-2024-41778
IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
PT-2025-9179 · IBM · IBM Controller
Name of the Vulnerable Software and Affected Versions: IBM Controller versions 11.0.0 through 11.0.1; IBM Controller version 11.1.0. Description: The issue makes it easier for attackers to compromise user accounts because it does not require strong passwords by default. Recommendations: For IBM...
Weak Password Enforcement
ethycafides is vulnerable to Weak Password Enforcement. The vulnerability is due to a lack of server-side password policy enforcement in the /api/v1/user/accept-invite endpoint, allowing users to bypass client-side password complexity checks...