Total
36 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42051 | 1 Splashtop | 1 Streamer | 2025-09-03 | N/A | 7.8 HIGH |
| The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg. | |||||
| CVE-2024-7558 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 8.7 HIGH |
| JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. | |||||
| CVE-2025-6737 | 2025-08-25 | N/A | 7.2 HIGH | ||
| Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions. | |||||
| CVE-2025-55584 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 5.3 MEDIUM |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. | |||||
| CVE-2025-35970 | 2025-08-07 | N/A | 7.5 HIGH | ||
| On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If the administrator password is not changed from the initial one, a remote attacker with SNMP access can log in to the product with the administrator privilege. | |||||
| CVE-2025-52364 | 1 Tenda | 2 Cp3 Pro, Cp3 Pro Firmware | 2025-08-07 | N/A | 7.5 HIGH |
| Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to connect to the device s shell over the network, potentially without authentication if default or weak credentials are present | |||||
| CVE-2025-6077 | 2025-08-05 | N/A | 9.8 CRITICAL | ||
| Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions. | |||||
| CVE-2025-4057 | 2025-07-31 | N/A | 5.5 MEDIUM | ||
| A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies. | |||||
| CVE-2025-53558 | 2025-07-31 | N/A | 8.8 HIGH | ||
| ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. | |||||
| CVE-2024-51978 | 2025-07-25 | N/A | 9.8 CRITICAL | ||
| An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request. | |||||
| CVE-2025-6523 | 2025-07-25 | N/A | 7.7 HIGH | ||
| Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.3.0 * Devolutions Server 2025.1.11.0 and earlier | |||||
| CVE-2024-28066 | 1 Mitel | 28 6905, 6905 Firmware, 6910 and 25 more | 2025-06-18 | N/A | 8.8 HIGH |
| In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | |||||
| CVE-2025-32471 | 2025-04-29 | N/A | 3.7 LOW | ||
| The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks. | |||||
| CVE-2024-29071 | 2025-03-28 | N/A | 8.8 HIGH | ||
| HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings. | |||||
| CVE-2024-21865 | 2025-03-28 | N/A | 6.5 MEDIUM | ||
| HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell. | |||||
| CVE-2025-2229 | 2025-03-13 | N/A | 7.7 HIGH | ||
| A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations. | |||||
| CVE-2025-22936 | 2025-02-12 | N/A | 5.7 MEDIUM | ||
| An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the Weak default WiFi password generation algorithm in WiFi routers. | |||||
| CVE-2023-28368 | 1 Tp-link | 2 T2600g-28sq, T2600g-28sq Firmware | 2025-02-10 | N/A | 5.7 MEDIUM |
| TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained. | |||||
| CVE-2025-1081 | 2025-02-06 | 1.8 LOW | 3.1 LOW | ||
| A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-52331 | 2025-01-23 | N/A | 7.5 HIGH | ||
| ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. | |||||