Total
210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25211 | 2025-04-01 | N/A | 9.8 CRITICAL | ||
| Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login. | |||||
| CVE-2023-0569 | 1 Publify Project | 1 Publify | 2025-03-28 | N/A | 6.5 MEDIUM |
| Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | |||||
| CVE-2024-21865 | 2025-03-28 | N/A | 6.5 MEDIUM | ||
| HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell. | |||||
| CVE-2025-1474 | 1 Lfprojects | 1 Mlflow | 2025-03-27 | N/A | 5.5 MEDIUM |
| In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0. | |||||
| CVE-2024-1345 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | N/A | 6.8 MEDIUM |
| Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password. | |||||
| CVE-2024-1346 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | N/A | 6.8 MEDIUM |
| Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants. | |||||
| CVE-2024-47221 | 1 Rapidscada | 1 Rapid Scada | 2025-03-19 | N/A | 7.5 HIGH |
| CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password. | |||||
| CVE-2019-18988 | 1 Teamviewer | 1 Teamviewer | 2025-03-14 | 4.4 MEDIUM | 7.0 HIGH |
| TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protect information stored in the registry or configuration files of TeamViewer. With versions before v9.x , this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to login to the system. | |||||
| CVE-2024-41778 | 2025-03-01 | N/A | 5.3 MEDIUM | ||
| IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2022-45635 | 1 Megafeis | 1 Bofei Dbd\+ | 2025-02-26 | N/A | 7.5 HIGH |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy. | |||||
| CVE-2025-1341 | 2025-02-16 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. This affects an unknown part of the component Setting Handler. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-22068 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2025-02-07 | N/A | 6.0 MEDIUM |
| Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier. | |||||
| CVE-2023-2106 | 1 Janeczku | 1 Calibre-web | 2025-02-06 | N/A | 9.8 CRITICAL |
| Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. | |||||
| CVE-2023-24502 | 1 Electra-air | 2 Central Ac Unit, Central Ac Unit Firmware | 2025-02-06 | N/A | 7.5 HIGH |
| Electra Central AC unit – The unit opens an AP with an easily calculated password. | |||||
| CVE-2023-31043 | 1 Enterprisedb | 1 Postgres Advanced Server | 2025-02-04 | N/A | 7.5 HIGH |
| EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0. | |||||
| CVE-2023-37398 | 2025-01-29 | N/A | 5.9 MEDIUM | ||
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2023-35907 | 2025-01-29 | N/A | 5.9 MEDIUM | ||
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
| CVE-2023-25184 | 1 Seiko-sol | 6 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 3 more | 2025-01-28 | N/A | 7.5 HIGH |
| Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier. | |||||
| CVE-2023-25072 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2025-01-28 | N/A | 7.5 HIGH |
| Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. | |||||
| CVE-2024-42173 | 2025-01-11 | N/A | 4.8 MEDIUM | ||
| HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known. | |||||