Weaknesses of type CWE-620

83 results
CVE-2024-20419 [CRITICAL] A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote at [EPSS 80.8%]
CVE-2025-4322 [CRITICAL] Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover [EPSS 16.8%]
CVE-2024-48887 [CRITICAL] An unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin password [EPSS 11.3%]
CVE-2024-33699 [CRITICAL] The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the adminis [EPSS 9.2%]
CVE-2020-7378 [CRITICAL] CRIXP OpenCRX Unverified Password Change [EPSS 2.6%]
CVE-2024-12824 [CRITICAL] Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change [EPSS 2.2%]
CVE-2024-13375 [CRITICAL] Adifier System <= 3.1.7 - Unauthenticated Arbitrary Password Reset [EPSS 1.4%]
CVE-2017-14005 An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a u [EPSS 1.4%]
CVE-2021-34785 [MEDIUM] Cisco BroadWorks CommPilot Application Software Vulnerabilities [EPSS 1.2%]
CVE-2024-34077 [HIGH] MantisBT user account takeover in the signup/reset password process [EPSS 1.2%]
CVE-2021-34786 [MEDIUM] Cisco BroadWorks CommPilot Application Software Vulnerabilities [EPSS 1.0%]
CVE-2023-2297 [CRITICAL] Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism [EPSS 1.0%]
CVE-2018-8916 [MEDIUM] Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticat [EPSS 1.0%]
CVE-2023-4214 [HIGH] AppPresser <= 4.2.5 - Insecure Password Reset Mechanism [EPSS 0.9%]
CVE-2023-2449 [CRITICAL] UserPro <= 5.1.1 - Insecure Password Reset Mechanism [EPSS 0.9%]
CVE-2022-21934 [HIGH] Metasys Unverified Password Change [EPSS 0.8%]
CVE-2022-21935 [HIGH] Metasys password guessing [EPSS 0.8%]
CVE-2021-22773 A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink P [EPSS 0.8%]
CVE-2025-10159 [CRITICAL] An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points [EPSS 0.8%]
CVE-2022-3152 [CRITICAL] Unverified Password Change in phpfusion/phpfusion [EPSS 0.7%]