Vulnerability Name CVE Severity
Apache ActiveMQ default administrative credentials
Apache Airflow default credentials
Apache APISIX default token (CVE-2020-13945/CVE-2022-24112) CVE-2020-13945
Apache Geronimo default administrative credentials
Apache Shiro Deserialization RCE CVE-2016-4437
Apache Tapestry weak secret key
Apache Tomcat insecure default administrative password
BottlePy weak secret key
Cookie signed with weak secret key
Django weak secret key
Express cookie-session weak secret key
Express express-session weak secret key
Flask weak secret key
Laravel framework weak secret key
Mojolicious weak secret key
Oracle Business Intelligence default administrative credentials
Oracle PeopleSoft SSO weak secret key
OSGi Management Console Default Credentials
phpLiteAdmin default password
Play framework weak secret key
PrimeFaces 5.x Expression Language injection CVE-2017-1000486
Pyramid framework weak secret key
RethinkDB administrative interface publicly exposed
Ruby framework weak secret key
Ruby on Rails weak/known secret token CVE-2013-0156
SonarQube default credentials
Tornado weak secret key
Unrestricted access to Haproxy Data Plane API
Weak Secret is Used to Sign JWT
Web2py weak secret key
WordPress default administrator account
Yii2 weak secret key