Total
225 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-24049 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2025-05-29 | 9.8 Critical |
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. | ||||
CVE-2022-3268 | 1 Ikus-soft | 1 Minarca | 2025-05-23 | 9.8 Critical |
Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. | ||||
CVE-2025-48372 | 2025-05-23 | N/A | ||
Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue. | ||||
CVE-2022-3326 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-20 | 4.3 Medium |
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | ||||
CVE-2025-22390 | 1 Optimizely | 1 Optimizely Cms | 2025-05-20 | 7.5 High |
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking. | ||||
CVE-2025-26847 | 1 Znuny | 1 Znuny | 2025-05-16 | 9.1 Critical |
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked. | ||||
CVE-2024-42173 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 4.8 Medium |
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known. | ||||
CVE-2023-38369 | 1 Ibm | 1 Security Access Manager Container | 2025-05-15 | 6.2 Medium |
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196. | ||||
CVE-2025-4534 | 2025-05-12 | 3.7 Low | ||
A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2022-3754 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-05-08 | 9.8 Critical |
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | ||||
CVE-2024-48271 | 1 Dlink | 3 Dsl-6740c, Dsl-6740c Firmware, Dsl6740c Firmware | 2025-05-07 | 8.8 High |
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack. | ||||
CVE-2024-48272 | 1 Dlink | 3 Dsl-6740c, Dsl-6740c Firmware, Dsl6740c Firmware | 2025-05-07 | 6.5 Medium |
D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack. | ||||
CVE-2024-47121 | 1 Gotenna | 1 Gotenna Pro | 2025-05-02 | 5.3 Medium |
The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions. | ||||
CVE-2022-43030 | 1 Siyucms | 1 Siyucms | 2025-05-01 | 7.2 High |
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges | ||||
CVE-2022-45482 | 1 Lazy Mouse Project | 1 Lazy Mouse | 2025-04-24 | 9.8 Critical |
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | ||||
CVE-2021-39434 | 1 Zkteco | 1 Zktime | 2025-04-24 | 7.5 High |
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220. | ||||
CVE-2022-41969 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-23 | 2.4 Low |
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords. | ||||
CVE-2022-44236 | 1 Zed-3 | 1 Voip Simplicity Asg | 2025-04-21 | 9.8 Critical |
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability. | ||||
CVE-2017-1221 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | N/A |
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. | ||||
CVE-2017-7903 | 1 Rockwellautomation | 21 1763-l16awa Series A, 1763-l16awa Series B, 1763-l16bbb Series A and 18 more | 2025-04-20 | N/A |
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password. |