CVEs classified under CWE-258, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-9276 — CVSS 9.8 (critical): Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote…
CVE-2019-5021 — CVSS 9.8 (critical): Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to…
CVE-2018-17914 — CVSS 9.8 (critical): InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This…
CVE-2024-28744 — CVSS 8.8 (high): The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and…
CVE-2023-39439 — CVSS 8.8 (high): SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without…
CVE-2020-29478 — CVSS 7.5 (high): CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker…
CVE-2025-4395 — CVSS 6.8 (medium): Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to…
CVE-2024-4106 — CVSS 5.3 (medium): A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore…