Total
193 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-1993 | 1 Ibm | 2 App Connect Enterprise Certified Containers Operands, App Connect Operator | 2025-08-20 | N/A | 5.5 MEDIUM |
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user. | |||||
CVE-2025-55299 | | | 2025-08-18 | N/A | N/A |
VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set; attackers can use this to log in with an empty password. This is combined with the fact that disabling password-based login previously only affected the frontend and still allowed login via the API. This vulnerability is fixed in 0.9.1. | |||||
CVE-2024-41778 | 1 Ibm | 1 Controller | 2025-08-08 | N/A | 6.5 MEDIUM |
IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
CVE-2025-8182 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-08-01 | N/A | 7.4 HIGH |
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
CVE-2019-19145 | | | 2025-08-01 | N/A | N/A |
Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords. | |||||
CVE-2023-27272 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-07-17 | N/A | 8.8 HIGH |
IBM Aspera Console 3.4.0 through 3.4.4 allows passwords to be reused when a new user logs into the system. | |||||
CVE-2024-22330 | 1 Ibm | 1 Security Verify Governance | 2025-07-14 | N/A | 9.8 CRITICAL |
IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||
CVE-2023-49238 | 1 Gradle | 1 Enterprise | 2025-06-17 | N/A | 9.8 CRITICAL |
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in. | |||||
CVE-2023-24049 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
An issue discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. | |||||
CVE-2025-48372 | | | 2025-05-22 | N/A | N/A |
Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue. | |||||
CVE-2025-22390 | 1 Optimizely | 1 Optimizely Cms | 2025-05-20 | N/A | N/A |
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking. | |||||
CVE-2025-26847 | 1 Znuny | 1 Znuny | 2025-05-16 | N/A | 7.5 HIGH |
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked. | |||||
CVE-2024-42173 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | N/A | 4.8 MEDIUM |
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known. | |||||
CVE-2025-4534 | | | 2025-05-11 | N/A | 3.7 LOW |
A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2022-43030 | 1 Siyucms | 1 Siyucms | 2025-05-01 | N/A | 7.2 HIGH |
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges. | |||||
CVE-2021-39434 | 1 Zkteco | 1 Zktime | 2025-04-24 | N/A | 7.5 HIGH |
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. | |||||
CVE-2022-45482 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2025-04-24 | N/A | 9.8 CRITICAL |
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||||
CVE-2022-44236 | 1 Zed-3 | 1 Voip Simplicity Asg | 2025-04-21 | N/A | 9.8 CRITICAL |
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. | |||||
CVE-2025-25211 | | | 2025-03-31 | N/A | N/A |
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login. | |||||
CVE-2024-21865 | | | 2025-03-28 | N/A | N/A |
HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell. |