CWE-255
96 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-255 (page 2 of 2)
- CVE-2018-6443 | HIGH | CVSS 8.1 | EG 8.1 | 2019-01-22
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install addi…
- CVE-2018-7788 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-05-22
A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40, which could cause a Denial of Service when using a Telnet connection.
- CVE-2018-7820 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-09-17
A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled.
- CVE-2019-13560 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-07-11
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter.
- CVE-2019-1654 | HIGH | CVSS 7.8 | EG 7.8 | 2019-04-17
A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without …
- CVE-2019-1714 | HIGH | CVSS 8.6 | EG 8.6 | 2019-05-03
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Fire…
- CVE-2019-1950 | HIGH | CVSS 8.4 | EG 8.4 | 2020-02-19
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configura…
- CVE-2019-4381 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-06-14
IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain…
- CVE-2019-5456 | HIGH | CVSS 8.1 | EG 8.1 | 2019-07-30
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
- CVE-2019-7488 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-12-23
A weak default password causes a vulnerability in the SonicWall Email Security appliance, which leads to an attacker gaining access to the appliance database. This vulnerability affects Email Security Appliance version 10.0.2 and earlier.
- CVE-2019-7690 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-05-13
In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Pas…
- CVE-2020-10287 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-07-15
The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. ABB considers this a well documented functionality that helps customer set up however, out of our research, we foun…
- CVE-2020-1978 | MEDIUM | CVSS 5.8 | EG 5.8 | 2020-04-08
TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent t…
- CVE-2020-24680 | HIGH | CVSS 7.0 | EG 7.0 | 2020-12-22
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
- CVE-2020-3140 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-07-16
A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient valid…
- CVE-2020-8968 | HIGH | CVSS 7.1 | EG 7.1 | 2021-12-17
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of…
- CVE-2021-1522 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-08-04
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements th…
- CVE-2021-21505 | HIGH | CVSS 8.0 | EG 9.8 | 2021-05-06
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit th…
- CVE-2021-21522 | HIGH | CVSS 8.2 | EG 4.4 | 2021-09-28
Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via …
- CVE-2021-22568 | HIGH | CVSS 8.8 | EG 8.8 | 2021-12-09
When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an atta…
- CVE-2021-28498 | HIGH | CVSS 8.7 | EG 7.8 | 2021-09-09
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista…
- CVE-2021-28499 | MEDIUM | CVSS 6.3 | EG 5.5 | 2021-09-09
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0…
- CVE-2021-28508 | MEDIUM | CVSS 6.8 | EG 6.1 | 2022-05-26
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAtt…
- CVE-2021-28509 | MEDIUM | CVSS 6.1 | EG 6.1 | 2022-05-26
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAtt…
- CVE-2021-37000 | HIGH | CVSS 7.7 | EG 7.7 | 2024-12-28
Some Huawei wearables have a permission management vulnerability.
- CVE-2022-25327 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-02-25
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt met…
- CVE-2024-11026 | LOW | CVSS 3.7 | EG 3.7 | 2024-11-08
A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore…
- CVE-2025-11284 | HIGH | CVSS 7.3 | EG 7.3 | 2025-10-05
A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The ma…
- CVE-2025-11649 | HIGH | CVSS 7.0 | EG 7.0 | 2025-10-12
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulation results in use of hard-coded password. The attack must be initiated f…
- CVE-2025-11666 | MEDIUM | CVSS 6.7 | EG 6.7 | 2025-10-13
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to us…
- CVE-2025-13187 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-11-14
A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of cre…
- CVE-2025-13221 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-11-15
A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credent…
- CVE-2025-14183 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-12-07
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of …
- CVE-2025-15128 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-12-28
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/ex…
- CVE-2025-15151 | LOW | CVSS 3.7 | EG 3.7 | 2025-12-28
A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration fi…
- CVE-2025-2355 | LOW | CVSS 3.3 | EG 3.3 | 2025-03-17
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY lead…
- CVE-2025-2555 | LOW | CVSS 2.9 | EG 2.9 | 2025-03-20
A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally …
- CVE-2025-4286 | LOW | CVSS 2.7 | EG 2.7 | 2025-05-05
A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação lea…
- CVE-2025-6139 | LOW | CVSS 3.9 | EG 3.9 | 2025-06-16
A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. T…
- CVE-2025-6932 | LOW | CVSS 3.7 | EG 3.7 | 2025-06-30
A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation le…
- CVE-2025-7079 | LOW | CVSS 3.7 | EG 3.7 | 2025-07-06
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipu…
- CVE-2025-7080 | LOW | CVSS 3.7 | EG 3.7 | 2025-07-06
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The …
- CVE-2025-7453 | LOW | CVSS 3.7 | EG 3.7 | 2025-07-11
A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipu…
- CVE-2025-7577 | LOW | CVSS 3.7 | EG 3.7 | 2025-07-14
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been classified as problematic. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate th…
- CVE-2025-9725 | LOW | CVSS 2.5 | EG 8.8 | 2025-08-31
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carr…
- CVE-2026-6597 | LOW | CVSS 2.7 | EG 2.7 | 2026-04-20
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes un…