CVE & Exploit Intelligence Database

CVE-2025-10678 EPSS 0.00

NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not changed nor the user was removed. This issue has been fixed in version 0.57.0

CWE-1392 Oct 20, 2025

CVE-2025-11943 7.3 HIGH 1 Writeup EPSS 0.00

A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE-1392 Oct 19, 2025

CVE-2025-34516 9.8 CRITICAL EPSS 0.00

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

CWE-1392 Oct 16, 2025

CVE-2025-10542 9.8 CRITICAL EPSS 0.00

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.

CWE-1392 Sep 25, 2025

CVE-2025-35042 9.8 CRITICAL EPSS 0.00

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.21, and 11.1.9.

CWE-1392 Sep 22, 2025

CVE-2025-55110 5.5 MEDIUM EPSS 0.00

Control-M/Agents use a kdb or PKCS#12 keystore by default, and the default keystore password is well known and documented. An attacker with read access to the keystore could access sensitive data using this password.

CWE-1392 Sep 16, 2025

CVE-2025-55051 10.0 CRITICAL EPSS 0.00

CWE-1392: Use of Default Credentials

CWE-1392 Sep 09, 2025

CVE-2025-35452 9.8 CRITICAL 1 Writeup EPSS 0.00

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.

CWE-1392 Sep 05, 2025

CVE-2025-9577 2.5 LOW 1 Writeup EPSS 0.00

A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.

CWE-1392 Aug 28, 2025

CVE-2025-9576 2.5 LOW 1 Writeup EPSS 0.00

A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE-1392 Aug 28, 2025

CVE-2025-35114 7.5 HIGH EPSS 0.00

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

CWE-1392 Aug 26, 2025

CVE-2025-29525 5.3 MEDIUM EPSS 0.00

DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel.

CWE-1392 Aug 25, 2025

CVE-2025-29521 5.3 MEDIUM EPSS 0.00

Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack.

CWE-1392 Aug 25, 2025

CVE-2025-55740 6.5 MEDIUM EPSS 0.00

nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later.

CWE-1392 Aug 19, 2025

CVE-2025-2184 EPSS 0.00

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations. The attacker must have network access to the Broker VM to exploit this issue.

CWE-1392 Aug 13, 2025

CVE-2025-8731 9.8 CRITICAL 1 Writeup EPSS 0.00

A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "For product TI-PG102i and TI-G160i, by default, the product's remote management options are all disabled. The root account is for troubleshooting purpose and the password is encrypted. However, we will remove the root account from the next firmware release. For product TPL-430AP, the initial setup process requires user to set the password for the management GUI. Once that was done, the default password will be invalid."

CWE-1392 Aug 08, 2025

CVE-2025-8530 5.3 MEDIUM EPSS 0.00

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CWE-1392 Aug 04, 2025

CVE-2025-51535 9.1 CRITICAL EPSS 0.00

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.

CWE-1392 Aug 04, 2025

CVE-2025-51536 9.8 CRITICAL EPSS 0.00

Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.

CWE-1392 Aug 04, 2025

CVE-2025-29629 9.1 CRITICAL EPSS 0.00

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.

CWE-94 Jul 25, 2025