Low
CVSS: 2.7
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS…
Medium
CVSS: 4.2
HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts.
Critical
CVSS: 9.1
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords (e.g., 1234, password) without enforcing minimum strength requirements. Additionally, active sessions…
Critical
CVSS: 9.8
The web management interface of the device allows the administrator
username and password to be set to blank values. Once applied, the
device permits authentication with empty credentials over the web
management interface and Telnet serv…
Low
CVSS: 1.0
A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password requirements. The physical device can be…
Low
CVSS: 3.1
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access
Medium
CVSS: 5.7
Man-in-the-middle attack vulnerability in the Clone module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
High
CVSS: 8.5
Weak Password Requirements vulnerability in Apache Fineract.
This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0.
Users are encouraged to upgrade to version 1.13.0, the latest release.
Medium
CVSS: 6.9
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute force…
Critical
CVSS: 9.8
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the r…
Low
CVSS: 3.7
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability…
High
CVSS: 7.5
The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the `password` and `repeat_passw…
Critical
CVSS: 9.8
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default confi…
High
CVSS: 8.8
General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may
allow an attacker to execute a brute-force attack resulting in
unauthorized access and login.
Medium
CVSS: 6.9
Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Critical
CVSS: 9.8
MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.
T…
Critical
CVSS: 10.0
Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
High
CVSS: 8.3
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead t…
Medium
CVSS: 6.3
A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lea…
Medium
CVSS: 5.9
IBM Transformation Extender Advanced 10.0.1
does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.