Key Findings Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 contain hardcoded default credentials that allow unauthenticated remote administrative access CVE-2026-44825 affects only installations using the command-line authentication tool, not manually configured systems Industrial IoT converters using USR-W610 devices have a critical CVSS 9.8 vulnerability (CVE-2026-7786) with embedded plaintext credentials USR device manufacturer has not responded to vulnerability coo