CVEs classified under CWE-1393, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2025-26701 — CVSS 10.0 (critical): An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use…
CVE-2024-51555 — CVSS 10.0 (critical): Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not…
CVE-2026-35075 — CVSS 9.8 (critical): An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all…
CVE-2026-33784 — CVSS 9.8 (critical): A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an…
CVE-2026-24429 — CVSS 9.8 (critical): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in…
CVE-2025-66050 — CVSS 9.8 (critical): Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator…
CVE-2025-8077 — CVSS 9.8 (critical): A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the…
CVE-2025-27690 — CVSS 9.8 (critical): Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker…
CVE-2024-30802 — CVSS 9.8 (critical): An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component.
CVE-2024-29666 — CVSS 9.8 (critical): Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to…
CVE-2025-26793: The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials…
CVE-2025-2766 — CVSS 8.8 (high): 70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass…
CVE-2024-49559 — CVSS 8.8 (high): Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. A…
CVE-2023-28094 — CVSS 8.1 (high): Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default…
CVE-2023-43042 — CVSS 7.5 (high): IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged…
CVE-2026-2635 — CVSS 7.3 (high): MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on…
CVE-2024-13966 — CVSS 7.3 (high): ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default…
CVE-2025-14917 — CVSS 6.7 (medium): IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than…
CVE-2024-48987 — CVSS 6.6 (medium): Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is…
CVE-2025-43799 — CVSS 6.5 (medium): Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA…
CVE-2025-2921 — CVSS 6.4 (medium): A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd…
CVE-2026-3186 — CVSS 6.3 (medium): A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality…
CVE-2025-2347 — CVSS 6.3 (medium): A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of…
CVE-2025-43021 — CVSS 5.7 (medium): A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could…
CVE-2026-8672 — CVSS 5.1 (medium): Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and…
CVE-2025-1878 — CVSS 3.1 (low): A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code…
CVE-2025-9589 — CVSS 2.5 (low): A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing…