Total
734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7080 | 2025-07-06 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2025-7079 | 2025-07-06 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6932 | 2025-07-03 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2012-6428 | 1 Carlosgavazzi | 2 Eos-box Photovoltaic Monitoring System, Eos-box Photovoltaic Monitoring System Firmware | 2025-07-01 | 10.0 HIGH | N/A |
| The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access. | |||||
| CVE-2012-1977 | 1 Wellintech | 1 Kingview | 2025-06-26 | 7.1 HIGH | N/A |
| WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. | |||||
| CVE-2025-6139 | 1 Totolink | 2 T10, T10 Firmware | 2025-06-26 | 3.7 LOW | 3.9 LOW |
| A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4286 | 2025-05-05 | 3.3 LOW | 2.7 LOW | ||
| A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release. | |||||
| CVE-2016-6110 | 3 Ibm, Linux, Microsoft | 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more | 2025-04-20 | 2.1 LOW | 6.5 MEDIUM |
| IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | |||||
| CVE-2015-8282 | 1 Seawell Networks | 1 Spectrum Sdc | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. | |||||
| CVE-2015-7258 | 1 Zte | 2 Zxv10 W300, Zxv10 W300 Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | |||||
| CVE-2016-8566 | 1 Siemens | 1 Sicam Pas | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. | |||||
| CVE-2016-9081 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. | |||||
| CVE-2016-9750 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. | |||||
| CVE-2016-1265 | 1 Juniper | 1 Junos Space | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. | |||||
| CVE-2016-10401 | 1 Zyxel | 2 Pk5001z, Pk5001z Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | |||||
| CVE-2016-5070 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | |||||
| CVE-2016-6815 | 1 Apache | 1 Ranger | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. | |||||
| CVE-2016-9355 | 1 Bd | 1 Alaris 8015 Pc Unit | 2025-04-20 | 2.1 LOW | 5.3 MEDIUM |
| An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience. | |||||
| CVE-2016-8918 | 1 Ibm | 1 Integration Bus | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. | |||||
| CVE-2016-6093 | 1 Ibm | 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | |||||