CVE-2026-58466 — CVSS 9.8 (critical): AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as…
CVE-2026-58453 — CVSS 9.8 (critical): JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows…
CVE-2026-44159 — CVSS 9.8 (critical): Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before…
CVE-2026-42072 — CVSS 9.8 (critical): Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to…
CVE-2026-27751 — CVSS 9.8 (critical): SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to…
CVE-2026-26341 — CVSS 9.8 (critical): Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be…
CVE-2026-26366 — CVSS 9.8 (critical): eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and…
CVE-2022-50803 — CVSS 9.8 (critical): JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with…
CVE-2025-54303 — CVSS 9.8 (critical): The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM…
CVE-2025-34516 — CVSS 9.8 (critical): Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated…
CVE-2025-10542 — CVSS 9.8 (critical): iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection…
CVE-2025-35042 — CVSS 9.8 (critical): Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship…
CVE-2025-8731 — CVSS 9.8 (critical): A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component…
CVE-2025-30139 — CVSS 9.8 (critical): An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with…
CVE-2024-12286 — CVSS 9.8 (critical): MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials.
CVE-2024-29844 — CVSS 9.8 (critical): Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform…
CVE-2023-49621 — CVSS 9.8 (critical): A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected…
CVE-2023-30603 — CVSS 9.8 (critical): Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to…
CVE-2021-47707: COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream…
CVE-2025-12592: Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.
CVE-2025-10678: NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by…
CVE-2026-7428: Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with…
CVE-2025-59108: By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not…
CVE-2025-12217 — CVSS 9.1 (critical): SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-51535 — CVSS 9.1 (critical): Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.
CVE-2025-29629 — CVSS 9.1 (critical): Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak…
CVE-2026-9844: Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows…
CVE-2025-7740: Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin…
CVE-2026-22273 — CVSS 8.8 (high): Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials…
CVE-2025-6529 — CVSS 8.8 (high): A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of…
CVE-2024-4007 — CVSS 8.8 (high): Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances…
CVE-2024-28093 — CVSS 8.8 (high): The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level…
CVE-2024-6788 — CVSS 8.6 (high): A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the…
CVE-2026-7365 — CVSS 8.4 (high): IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the…
CVE-2025-54756 — CVSS 8.4 (high): BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable…
CVE-2024-12902 — CVSS 8.4 (high): ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product…
CVE-2026-42941 — CVSS 8.3 (high): The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.
CVE-2024-4622: If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default…
CVE-2024-39584 — CVSS 8.2 (high): Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could…
CVE-2026-1803 — CVSS 8.1 (high): A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This…
CVE-2025-5124 — CVSS 8.1 (high): A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to…
CVE-2024-39747 — CVSS 8.1 (high): IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
CVE-2024-10476 — CVSS 8.0 (high): Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access…
CVE-2023-43844 — CVSS 8.0 (high): Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the…
CVE-2026-32652 — CVSS 7.8 (high): Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console…
CVE-2025-22460 — CVSS 7.8 (high): Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their…
CVE-2024-5245 — CVSS 7.8 (high): NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local…