CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials m...

CVE-2026-26218

CVE-2026-26218 affects newbee-mall where the database initialization script seeds administrator accounts with a predictable default password. This enables unauthenticated attackers to log in as an administrator and gain full control of the application if the default credentials are not changed du...

PT-2026-7887

Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The application includes pre-seeded administrator accounts in its database initialization script, which are provisioned with a predictable default password. Deployments that initialize or...

CVE-2025-13955

Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers...

CVE-2025-13955

CVE-2025-13955 describes a vulnerability in EZCast Pro II dongle (software version 1.17478.146) where the Wi‑Fi access point password is predictable. Attackers within Wi‑Fi range can deduce the default password from observable device identifiers, granting access to the dongle. The vulnerability i...

CVE-2025-13955

Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers...

EUVD-2020-6071

Malware in sbrugna...

CVE-2025-6519

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-6519

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-6519

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-52549 Predictable root linux password generation

E3 Site Supervisor Control firmware version 2.31F01 generates the root linux password on each boot. An attacker can generate the root linux password for a vulnerable device based on known or easy to fetch parameters...

CVE-2025-6519 Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services

E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...

CVE-2025-6519

CVE-2025-6519 overview (confirmed details) : Affects Copeland E3 Site Supervisor firmware versions prior to 2.31F01. The vulnerability stems from a default admin account named “ONEDAY” that uses a daily-generated password which can be predicted. The ONEDAY user cannot be deleted or modified by an...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01 that stems from a predictable default user ONEDAY password...

PT-2025-35562

Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor versions prior to 2.31F01 Description: E3 Site Supervisor firmware contains a default administrator account, ONEDAY, with a daily generated password that is predictable. The ONEDAY user cannot be deleted or modified...

CVE-2020-13860

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password...

Airtel Xstream Fiber WiFi Weak Authentication / Brute Force

Airtel Xstream Fiber WiFi devices use a weak password scheme that can be brute forced and only consists of 5 digits. Exploit Title: Airtel Xstream Fiber WiFi - Usage of Weak Initial WiFi password Date: 22-Jan-2025 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd...

PT-2024-21115 · Arris · Arris Sbg6580

Name of the Vulnerable Software and Affected Versions: Arris SBG6580 affected versions not specified Description: The issue concerns Arris SBG6580 devices, which have predictable default WPA2 security passwords. This predictability could lead to unauthorized remote access. The passwords are...

CVE-2023-47352

Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords...

Default credentials

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information...