CWE-521 · Weak Password Requirements

258 CVEs classified under CWE-521 (Weak Password Requirements). Browse by severity and year.

Top CVEs for CWE-521
CVESeverityScorePublishedSummary
CVE-2026-25715Critical9.82026-02-20The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authent…
CVE-2025-53963Critical9.82025-12-04An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root accoun…
CVE-2025-63747Critical9.82025-11-17QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login…
CVE-2025-12552Critical9.82025-10-31Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-11200Critical9.82025-10-29MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installa…
CVE-2025-12364Critical9.82025-10-27Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12285Critical9.82025-10-26Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-30127Critical9.82025-08-06An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings…
CVE-2025-28389Critical9.82025-06-13Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.
CVE-2025-28200Critical9.82025-05-09Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.
CVE-2025-25211Critical9.82025-03-31Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attac…
CVE-2025-27663Critical9.82025-03-05Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.
CVE-2024-42850Critical9.82024-08-16An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.
CVE-2024-3263Critical9.82024-05-14YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credent…
CVE-2023-49238Critical9.82024-01-09In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-uni…
CVE-2023-24049Critical9.82023-12-04An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management.
CVE-2023-29974Critical9.82023-11-08An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
CVE-2023-37756Critical9.82023-09-14I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess u…
CVE-2023-31098Critical9.82023-05-22Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0.  When users c…
CVE-2023-2106Critical9.82023-04-15Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20.