CWE-1392
102 CVEs classified under CWE-1392. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-55051 | Critical | 10.0 | 2025-09-09 | CWE-1392: Use of Default Credentials |
CVE-2023-3703 | Critical | 10.0 | 2023-09-03 | Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials |
CVE-2026-46386 | Critical | 9.9 | 2026-06-26 | OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERW… |
CVE-2026-45039 | Critical | 9.8 | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 sig… |
CVE-2026-44159 | Critical | 9.8 | 2026-05-19 | Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has… |
CVE-2026-42072 | Critical | 9.8 | 2026-05-08 | Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, th… |
CVE-2026-22886 | Critical | 9.8 | 2026-03-03 | OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative ac… |
CVE-2026-27751 | Critical | 9.8 | 2026-02-27 | SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative ac… |
CVE-2026-26341 | Critical | 9.8 | 2026-02-24 | Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during inst… |
CVE-2026-26366 | Critical | 9.8 | 2026-02-15 | eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without… |
CVE-2022-50803 | Critical | 9.8 | 2025-12-30 | JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges. |
CVE-2025-54303 | Critical | 9.8 | 2025-12-04 | The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user… |
CVE-2025-34516 | Critical | 9.8 | 2025-10-16 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain rem… |
CVE-2025-10542 | Critical | 9.8 | 2025-09-25 | iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrato… |
CVE-2025-35042 | Critical | 9.8 | 2025-09-22 | Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change… |
CVE-2025-35452 | Critical | 9.8 | 2025-09-05 | PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface. |
CVE-2025-8731 | Critical | 9.8 | 2025-08-08 | A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The man… |
CVE-2025-51536 | Critical | 9.8 | 2025-08-04 | Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password. |
CVE-2025-30139 | Critical | 9.8 | 2025-03-18 | An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials t… |
CVE-2024-12286 | Critical | 9.8 | 2024-12-10 | MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials. |