Skip to main content

CWE-262

Not Using Password Aging

5 CVEs Avg CVSS 6.1 MITRE
1
CRITICAL
1
HIGH
3
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-50101 CRITICAL CISA Emergency

Persistent credential exposure in Naxclow smart cameras and doorbells (Smart Doorbell X3, X Smart Home, V720, ix Cam) allows anyone who obtains a device's server-side relay credential to maintain indefinite access to that device's relay channel. Because the credential is re-issued unchanged on every boot and cannot be rotated, reset, or revoked by the owner, even factory resets and re-onboarding do not evict an attacker. No public exploit identified at time of analysis, and EPSS/KEV signals are not provided in the input.

Information Disclosure Smart Doorbell X3 X Smart Home V720 Ix Cam
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2025-58435 MEDIUM Monitor

Open OnDemand is an open-source HPC portal. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
4.1
EPSS
0.1%
CVE-2023-1555 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-2022 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-22767 HIGH This Week

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pyxis Anesthesia Station Es Firmware Pyxis Ciisafe Firmware Pyxis Logistics Firmware Pyxis Medbank Firmware +12
NVD
CVSS 3.1
8.8
EPSS
0.4%
EPSS 0% CVSS 9.2
CRITICAL Emergency

Persistent credential exposure in Naxclow smart cameras and doorbells (Smart Doorbell X3, X Smart Home, V720, ix Cam) allows anyone who obtains a device's server-side relay credential to maintain indefinite access to that device's relay channel. Because the credential is re-issued unchanged on every boot and cannot be rotated, reset, or revoked by the owner, even factory resets and re-onboarding do not evict an attacker. No public exploit identified at time of analysis, and EPSS/KEV signals are not provided in the input.

Information Disclosure Smart Doorbell X3 X Smart Home +2
NVD GitHub VulDB
EPSS 0% CVSS 4.1
MEDIUM Monitor

Open OnDemand is an open-source HPC portal. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pyxis Anesthesia Station Es Firmware Pyxis Ciisafe Firmware +14
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy