CWE-521 · Weak Password Requirements
258 CVEs classified under CWE-521 (Weak Password Requirements).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-25715 | Critical | 9.8 | 2026-02-20 | The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authent… |
| CVE-2025-53963 | Critical | 9.8 | 2025-12-04 | An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root accoun… |
| CVE-2025-63747 | Critical | 9.8 | 2025-11-17 | QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login… |
| CVE-2025-12552 | Critical | 9.8 | 2025-10-31 | Insufficient Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-11200 | Critical | 9.8 | 2025-10-29 | MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installa… |
| CVE-2025-12364 | Critical | 9.8 | 2025-10-27 | Weak Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12285 | Critical | 9.8 | 2025-10-26 | Missing Initial Password Change. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-30127 | Critical | 9.8 | 2025-08-06 | An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings… |
| CVE-2025-28389 | Critical | 9.8 | 2025-06-13 | Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack. |
| CVE-2025-28200 | Critical | 9.8 | 2025-05-09 | Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address. |
| CVE-2025-25211 | Critical | 9.8 | 2025-03-31 | Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attac… |
| CVE-2025-27663 | Critical | 9.8 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007. |
| CVE-2024-42850 | Critical | 9.8 | 2024-08-16 | An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. |
| CVE-2024-3263 | Critical | 9.8 | 2024-05-14 | YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credent… |
| CVE-2023-49238 | Critical | 9.8 | 2024-01-09 | In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-uni… |
| CVE-2023-24049 | Critical | 9.8 | 2023-12-04 | An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. |
| CVE-2023-29974 | Critical | 9.8 | 2023-11-08 | An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements. |
| CVE-2023-37756 | Critical | 9.8 | 2023-09-14 | I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess u… |
| CVE-2023-31098 | Critical | 9.8 | 2023-05-22 | Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users c… |
| CVE-2023-2106 | Critical | 9.8 | 2023-04-15 | Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. |