CWE-1391
42 CVEs classified under CWE-1391. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-39920 | Critical | 9.8 | 2026-04-24 | BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default… |
| CVE-2026-22886 | Critical | 9.8 | 2026-03-03 | OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative ac… |
| CVE-2025-30519 | Critical | 9.8 | 2025-09-18 | Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker w… |
| CVE-2024-51978 | Critical | 9.8 | 2025-06-25 | An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated att… |
| CVE-2024-12728 | Critical | 9.8 | 2024-12-19 | A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). |
| CVE-2024-43698 | Critical | 9.8 | 2024-10-22 | Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. |
| CVE-2026-44351 | Critical | 9.1 | 2026-05-13 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flo… |
| CVE-2025-53558 | High | 8.8 | 2025-07-31 | ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log i… |
| CVE-2024-7558 | High | 8.7 | 2024-10-02 | JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the… |
| CVE-2026-23853 | High | 8.4 | 2026-04-17 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 throug… |
| CVE-2023-31240 | High | 8.3 | 2023-05-22 | Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hi… |
| CVE-2023-48257 | High | 7.8 | 2024-01-10 | The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges o… |
| CVE-2023-0635 | High | 7.8 | 2023-06-05 | Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQ… |
| CVE-2025-2229 | High | 7.7 | 2025-03-13 | A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations. |
| CVE-2026-22910 | High | 7.5 | 2026-01-15 | The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represen… |
| CVE-2025-59460 | High | 7.5 | 2025-10-27 | The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increas… |
| CVE-2025-35970 | High | 7.5 | 2025-08-07 | On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available via SNMP. If t… |
| CVE-2024-52331 | High | 7.5 | 2025-01-23 | ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that… |
| CVE-2024-45722 | High | 7.5 | 2024-12-06 | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentia… |
| CVE-2024-45272 | High | 7.5 | 2024-10-15 | An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in… |