Low
CVE-2025-2341
A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of def…
Tag: Default Credentials
All CVEs associated with "Default Credentials". Page 2/5 • 518 CVEs.
Subscribe CVEs: RSS for “Default Credentials” · RSS (High+Critical only)
About “Default Credentials”
A curated feed of “Default Credentials”-related CVEs appears below. We currently track 518 CVEs for this tag (all time). In the last 365 days, 100 were published. Average CVSS is 8.4 (all time; 8.0 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1392 - Use of Default Credentials, CWE-798 - Use of Hard-coded Credentials, CWE-1393 - Use of Default Password.
In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-03-16
2025-03-12
Critical
CVE-2025-1960
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have no…
2025-03-09
Low
CVE-2025-2119
A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been declared as problematic. This vulnerability affects unknown code of the component Device Registration Handler.…
2025-03-03
Low
CVE-2025-1878
A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of def…
2025-02-15
Critical
CVE-2025-26793
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not p…
2025-02-13
High
CVE-2024-12013
A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin creden…
2025-02-11
High
CVE-2024-54015
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.…
2025-02-10
High
CVE-2025-1160
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation…
High
CVE-2024-46433
A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative pr…
2025-02-04
Critical
CVE-2025-0890
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in…
2025-01-28
Critical
CVE-2022-3365
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be…
2025-01-23
High
CVE-2025-23012
Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was releas…
2025-01-15
High
CVE-2025-0482
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of d…
2025-01-09
High
CVE-2024-43659
After gaining access to the firmware of a charging station, a file at <redacted> can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers. This issue…
2024-12-27
High
CVE-2024-12856
The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execu…
2024-12-23
High
CVE-2024-12902
ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts…
2024-12-17
High
CVE-2024-10476
Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as pr…
2024-12-10
High
CVE-2024-50699
TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.
Critical
CVE-2024-12286
MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.
2024-12-05
Critical
CVE-2024-51555
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affec…
Critical
CVE-2024-51554
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series…
Critical
CVE-2024-51551
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series…
2024-12-02
High
CVE-2024-53937
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is…
2024-11-25
Medium
CVE-2022-33862
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems.
2024-11-18
Critical
CVE-2024-51051
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.
2024-11-11
High
CVE-2024-11067
The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's…
2024-11-08
Critical
CVE-2024-50588
An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the data…
2024-10-30
High
CVE-2024-48271
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the devi…
2024-10-28
High
CVE-2024-6245
Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 20…
2024-10-24
High
CVE-2024-45242
EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the…
2024-10-17
Critical
CVE-2024-10025
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK p…
2024-10-15
Medium
CVE-2024-9594
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw provi…
Critical
CVE-2024-9486
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmo…
2024-09-18
Medium
CVE-2024-46959
runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audi…
2024-08-31
High
CVE-2024-39747
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
2024-08-27
Critical
CVE-2024-6633
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confi…
2024-08-17
High
CVE-2024-7898
A vulnerability classified as critical was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation…
2024-08-13
Critical
CVE-2024-7746
Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by…
High
CVE-2024-6788
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default passwo…
High
CVE-2024-35124
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker…
2024-07-26
Medium
CVE-2024-41690
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/ database. An attacker with physi…
2024-07-24
Critical
CVE-2023-45249
Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before buil…
2024-07-18
Medium
CVE-2023-40704
The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked.…
2024-07-17
Medium
CVE-2024-29737
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The pr…
2024-07-09
Medium
CVE-2024-5632
Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the inst…
2024-07-01
High
CVE-2024-24749
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache T…
High
CVE-2024-4007
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.
2024-06-16
Critical
CVE-2024-38466
Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password.
2024-06-13
High
CVE-2024-38282
Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot…
2024-05-28
Critical
CVE-2023-43845
Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to…
High
CVE-2023-43844
Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log…
2024-05-23
High
CVE-2024-5245
NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of N…
2024-05-20
Medium
CVE-2024-35192
Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials f…
2024-05-15
High
CVE-2024-4622
If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledg…
2024-05-03
High
CVE-2023-32145
D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 r…
2024-04-15
Critical
CVE-2024-29844
Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the app…
2024-04-12
High
CVE-2024-31069
IO-1020 Micro ELD web server uses a default password for authentication.
2024-03-26
High
CVE-2024-28093
The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account.
2024-03-25
Critical
CVE-2024-29666
Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.
2024-02-20
High
CVE-2024-25607
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 befo…
2024-01-23
Critical
CVE-2023-35837
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a…
2024-01-11
Medium
CVE-2023-50124
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient…
2024-01-09
Critical
CVE-2023-49621
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. A…
2023-12-14
High
CVE-2023-43042
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
2023-12-07
Critical
CVE-2023-39169
The affected devices use publicly available default credentials with administrative privileges.
2023-11-10
Critical
CVE-2023-47800
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exf…
2023-10-11
Medium
CVE-2023-45194
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated…
2023-10-10
Critical
CVE-2023-30801
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, th…
2023-10-09
Medium
CVE-2023-39854
The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/ge…
2023-09-19
Critical
CVE-2022-47558
Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could all…
2023-09-18
High
CVE-2023-41595
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
2023-09-14
Critical
CVE-2023-37755
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and…
Medium
CVE-2023-41010
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the defaul…
2023-09-03
Critical
CVE-2023-3703
Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials
2023-08-17
Medium
CVE-2023-31492
Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users.
2023-08-14
Critical
CVE-2023-3265
An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user…
2023-08-07
Critical
CVE-2023-32090
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials
2023-06-22
High
CVE-2023-28094
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.
2023-06-07
Critical
CVE-2023-33282
Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to…
2023-06-02
Critical
CVE-2023-30603
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remo…
2023-05-24
High
CVE-2023-1944
This vulnerability enables ssh access to minikube container using a default password.
2023-05-10
Critical
CVE-2023-30352
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.
High
CVE-2023-30351
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers…
2023-05-01
High
CVE-2023-0896
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.
2023-04-27
Critical
CVE-2023-1778
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by…
2023-04-26
Critical
CVE-2022-39989
An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials.
2023-04-24
Critical
CVE-2023-25131
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remo…
2023-04-19
High
CVE-2023-30797
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain acce…
2023-04-04
High
CVE-2020-21514
An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password.
2023-03-31
High
CVE-2022-47188
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/s…
2023-03-27
Critical
CVE-2022-4126
Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.
2023-02-06
High
CVE-2022-42951
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (be…
2023-01-20
High
CVE-2023-22331
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
2022-12-16
High
CVE-2022-47209
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally acces…
2022-12-08
Medium
CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to…
2022-12-05
High
CVE-2022-40259
MegaRAC Default Credentials Vulnerability
High
CVE-2022-40242
MegaRAC Default Credentials Vulnerability
2022-12-04
High
CVE-2022-46411
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate…
2022-11-29
Low
CVE-2022-32967
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire…
2022-11-23
High
CVE-2020-23592
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to…
2022-11-15
High
CVE-2022-20918
A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center…
2022-10-06
Medium
CVE-2022-39273
FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the p…
2022-09-13
Medium
CVE-2022-38069
Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Privileged cred…
2022-08-28
Critical
CVE-2022-38557
D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.
Critical
CVE-2022-38556
Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.
2022-08-25
High
CVE-2022-31269
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 defa…
2022-08-18
High
CVE-2022-35198
Contract Management System v2.0 contains a weak default password which gives attackers to access database connection information.
2022-08-17
Critical
CVE-2022-2336
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the…
2022-08-15
High
CVE-2022-36524
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh.
2022-07-26
Critical
CVE-2022-30270
The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations th…
2022-06-24
Medium
CVE-2022-1666
The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.
2022-06-14
High
CVE-2022-26476
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unau…
2022-06-02
High
CVE-2022-22767
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same…
2022-05-20
High
CVE-2021-30028
SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmwa…
2022-05-18
Medium
CVE-2021-42849
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
2022-04-03
Critical
CVE-2021-30064
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials…
2022-03-19
High
CVE-2022-27226
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the ent…
2022-03-03
Medium
CVE-2021-43774
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default crede…
2022-02-20
High
CVE-2021-45083
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privil…
2022-02-15
Medium
CVE-2022-25184
Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Rea…