Total
210 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41778 | 1 Ibm | 1 Controller | 2025-03-04 | 5.3 Medium |
| IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
| CVE-2022-45635 | 1 Megafeis | 1 Bofei Dbd\+ | 2025-02-26 | 7.5 High |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy. | ||||
| CVE-2025-1341 | 2025-02-18 | 3.7 Low | ||
| A vulnerability, which was classified as problematic, was found in PMWeb 7.2.0. This affects an unknown part of the component Setting Handler. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-36789 | 2025-02-13 | 8.1 High | ||
| An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. | ||||
| CVE-2023-37398 | 1 Ibm | 1 Aspera Faspex | 2025-02-12 | 5.9 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
| CVE-2023-35907 | 1 Ibm | 1 Aspera Faspex | 2025-02-12 | 5.9 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
| CVE-2023-1753 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-11 | 5.5 Medium |
| Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2022-34333 | 1 Ibm | 1 Sterling Order Management | 2025-02-10 | 5.9 Medium |
| IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. | ||||
| CVE-2024-22068 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2025-02-07 | 6 Medium |
| Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier. | ||||
| CVE-2023-2106 | 1 Janeczku | 1 Calibre-web | 2025-02-06 | 9.8 Critical |
| Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. | ||||
| CVE-2023-24502 | 1 Electra-air | 2 Central Ac Unit, Central Ac Unit Firmware | 2025-02-06 | 7.5 High |
| Electra Central AC unit – The unit opens an AP with an easily calculated password. | ||||
| CVE-2022-32513 | 1 Schneider-electric | 12 5500ac2, 5500ac2 Firmware, 5500nac and 9 more | 2025-02-05 | 9.8 Critical |
| A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0) | ||||
| CVE-2023-2160 | 1 Modoboa | 1 Modoboa | 2025-02-05 | 6.3 Medium |
| Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. | ||||
| CVE-2023-31043 | 1 Enterprisedb | 1 Postgres Advanced Server | 2025-02-04 | 7.5 High |
| EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0. | ||||
| CVE-2023-25184 | 1 Seiko-sol | 6 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 3 more | 2025-01-28 | 5.3 Medium |
| Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier. | ||||
| CVE-2023-25072 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2025-01-28 | 6.5 Medium |
| Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. | ||||
| CVE-2024-42173 | 2025-01-13 | 4.8 Medium | ||
| HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known. | ||||
| CVE-2025-22390 | 2025-01-06 | 7.5 High | ||
| An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking. | ||||
| CVE-2024-22355 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-23 | 5.9 Medium |
| IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781. | ||||
| CVE-2024-48845 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 9.4 Critical |
| Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | ||||