Authentication bypass in IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis (Operations Analytics versions 1.3.2.0 through 1.3.8.4) stems from hardcoded default credentials baked in during the manufacturing/installation process. An attacker who can reach the installation can authenticate with these known default passwords, gaining full control with high confidentiality, integrity, and availability impact. The CVSS 3.1 vector scores this as a local-vector issue (AV:L) rather than a remote one, no public exploit has been identified, and SSVC reports an exploitation status of 'none'.
Use of default administrative credentials in Tyler Identity Local (TID-L) allows remote unauthenticated attackers to gain full administrative access to affected deployments. The credentials are publicly documented and users are not forced to change them at install time; because the product was discontinued in December 2020 and has been unsupported since 2021, no vendor patch is available. CVSS 4.0 rates this 9.3 (Critical); no public exploit had been identified at the time of analysis and the issue is not in CISA KEV.
Prior to 2025-11-03, well-intentioned users of Terraform or the REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password, which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required network access to the AlloyDB cluster and was limited to clusters created via Terraform or the REST API, as other clients blocked the insecure default.
NornicDB's Bolt server binds to all network interfaces (0.0.0.0) regardless of the --address CLI flag or server.host configuration, exposing the graph database with default admin:password credentials to any device on the same LAN. The HTTP server correctly honors bind address restrictions, but a configuration plumbing bug prevents the Bolt protocol listener from reading the intended host parameter. The vendor-released patch in version 1.0.42-hotfix addresses the underlying CWE-1392 (Improper Binding of Resource to Another Sphere) by adding a Host field to the Bolt configuration and wiring the resolveBindAddress() function to both protocol listeners. GitHub security advisory GHSA-2hp7-65r3-wv54 confirms the vulnerability with reproduction steps showing netstat evidence of wildcard binding despite a localhost configuration.
Default credentials in netbox-docker before 2.5.0.
Acronis Cyber Protect and Agent virtual appliances on VMware contain hardcoded default credentials for local privileged accounts, allowing attackers with network access and user interaction to gain high-level system access and potentially modify or disrupt backup operations. The vulnerability affects Cyber Protect Cloud Agent (VMware) before build 36943 and Cyber Protect 17 (VMware) before build 41186, with no patch currently available. An attacker exploiting this could achieve privilege escalation and lateral movement within virtualized environments.
Default credentials in SODOLA SL902-SWTGW124AS network switch firmware allow unauthenticated remote access. Default credentials are publicly known, enabling complete device takeover.
Default credentials in Tattile Smart+, Vega, and Basic ANPR camera families, firmware 1.181.5 and prior. These license plate recognition cameras ship with known default credentials. PoC available.
eNet SMART HOME server ships with default credentials (user:user, admin:admin; CVSS 9.8), enabling immediate administrative access to the smart home system.
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. [CVSS 8.4 HIGH]