CWE-521

254 vulnerabilities with CWE-521

CVE-2026-41038 HIGH

Weak Password Policy Vulnerability in Quantum Networks Router QN-I-470

CVE-2026-6284 CRITICAL

Horner Automation Cscape and XL4, XL7 PLC Weak password requirements

CVSS 9.1

CVE-2026-33771 HIGH

CTP OS: Configuring password requirements does not work which permits the use of weak passwords

CVSS 7.4

CVE-2026-34203 LOW

Nautobot: Management of users via REST API does not apply configured password validators

CVSS 2.7

CVE-2026-27575 CRITICAL

Vikunja <2.0.0 - Auth Bypass

CVSS 9.1

CVE-2026-25715 CRITICAL

Device Web Interface - Auth Bypass

CVSS 9.8

CVE-2026-1408 LOW

Beetel 777VR1 <01.00.09/01.00.09_55 - Info Disclosure

CVSS 2.0

CVE-2025-55269 MEDIUM

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability

CVSS 4.2

CVE-2025-55252 LOW

HCL AION <2 - Info Disclosure

CVSS 3.1

CVE-2025-68963 MEDIUM

Clone Module - Info Disclosure

CVSS 5.7

CVE-2025-68716 HIGH

KAYSUS KS-WR3600 - RCE

CVSS 8.4

CVE-2025-23408 MEDIUM

Apache Fineract <1.10.1 - Info Disclosure

CVSS 6.5

CVE-2025-67513 MEDIUM

FreePBX <16.0.96 & <17.0.1-9 - Info Disclosure

CVE-2025-53963 CRITICAL

Thermo Fisher Ion Torrent OneTouch 2 - RCE

CVSS 9.8

CVE-2025-65014 LOW

LibreNMS <25.11.0 - Info Disclosure

CVSS 3.7

CVE-2025-63800 HIGH

Open Source Point of Sale 3.4.1 - Info Disclosure

CVSS 7.5

CVE-2025-63747 CRITICAL

QaTraq 6.9.2 - Info Disclosure

CVSS 9.8

CVE-2025-55034 HIGH

General Industrial Controls Lynx+ Gateway - Info Disclosure

CVSS 8.2

CVE-2025-12552 CRITICAL

BLU-IC2 <1.19.5 - Info Disclosure

CVSS 9.8

CVE-2025-11200 CRITICAL

MLflow - Auth Bypass

CVSS 9.8

CVE-2025-12364 CRITICAL

BLU-IC2, IC4 <1.19.5 - Info Disclosure

CVSS 9.8

CVE-2025-12285 CRITICAL

Azure-access Blu-ic2 Firmware < 1.20 - Improper Input Validation

CVSS 9.8

CVE-2025-60954 HIGH

Microweber CMS 2.0 - Info Disclosure

CVSS 8.3

CVE-2025-11322 LOW

Mangati NovoSGA <2.2.12 - Info Disclosure

CVSS 3.7

CVE-2025-9964 HIGH

Novakon P series - Info Disclosure