Weaknesses of type CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)
171 results (first 20 shown)

CVE ID          Severity  EPSS  Title
CVE-2025-4320   CRITICAL  0.5%  Information Disclosure in Birebirsoft's Sufirmam
CVE-2026-27593  CRITICAL  0.5%  Statamic is vulnerable to account takeover via password reset link injection
CVE-2025-31380  CRITICAL  0.5%  WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication Vulnerability
CVE-2024-6125   HIGH      0.5%  Login with phone number <= 1.7.34 - Insecure Password Reset Mechanism
CVE-2025-52560  HIGH      0.5%  Kanboard Password Reset Poisoning via Host Header Injection
CVE-2025-12866  CRITICAL  0.5%  Hundred Plus|EIP Plus - Weak Password Recovery Mechanism
CVE-2026-12417  CRITICAL  0.5%  SignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover
CVE-2026-28213  CRITICAL  0.4%  EverShop Vulnerable to Arbitrary Customer Account Takeover via Exposure of Password Reset Token in API Response
CVE-2025-10322  MEDIUM    0.4%  Wavlink WL-WN578W2 sysinit.html password recovery
CVE-2025-50433  CRITICAL  0.4%  An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to tak…
CVE-2023-31287  HIGH      0.4%  An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token th…
CVE-2025-4552   MEDIUM    0.4%  ContiNew Admin password unverified password change
CVE-2026-28681  HIGH      0.4%  IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
CVE-2026-33707  CRITICAL  0.4%  Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms
CVE-2023-5296   MEDIUM    0.4%  Xinhu RockOA Password password recovery
CVE-2024-38468  CRITICAL  0.4%  Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.
CVE-2025-13565  MEDIUM    0.4%  SourceCodester Inventory Management System resetPassword.php password recovery
CVE-2025-1570   HIGH      0.4%  Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP
CVE-2024-42915  HIGH      0.4%  A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interactio…
CVE-2024-27899  HIGH      0.4%  Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine
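Three failure modes recur in the titles above: reset links built from the request Host header (password reset poisoning, as in the Kanboard, IRRd and Staff Appraisal System entries), the reset token echoed back in the API response (the EverShop entry), and tokens too weak or too loosely validated to resist guessing (the Directorist and SignUp & SignIn entries). The following is an added example, not code from any of the listed projects, that puts each weak pattern beside a hardened one. The names CANONICAL_BASE_URL, TOKEN_TTL_SECONDS, ResetStore and the forgot_password_* functions are assumptions made for the illustration.

```python
"""CWE-640 in miniature: a password-reset flow with the recurring weaknesses,
each beside a hardened version. Added illustration; not any project's code."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

CANONICAL_BASE_URL = "https://app.example.com"   # assumed: fixed in deployment config
TOKEN_TTL_SECONDS = 15 * 60                       # assumed: 15-minute reset window


def build_reset_link_vulnerable(request_headers: dict, token: str) -> str:
    """Password reset poisoning: the link is built from the client-controlled Host
    header, so a reset requested with 'Host: evil.example' for a victim's address
    mails the victim a link that delivers the token to the attacker's server."""
    host = request_headers.get("Host", "app.example.com")
    return f"https://{host}/reset?token={token}"


def build_reset_link_hardened(token: str) -> str:
    """Link built from the canonical base URL only; request headers are ignored."""
    return f"{CANONICAL_BASE_URL}/reset?token={token}"


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class ResetStore:
    """Outstanding reset tokens keyed by user id. Only a hash of each token is
    stored, so reading this table does not yield usable tokens."""
    _entries: dict = field(default_factory=dict)

    def issue(self, user_id: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG, not a short OTP
        self._entries[user_id] = (_digest(token), now + TOKEN_TTL_SECONDS)
        return token                              # goes into the email, never into the API reply

    def redeem(self, user_id: str, presented: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        entry = self._entries.get(user_id)
        if entry is None:
            return False
        stored_digest, expires_at = entry
        if now > expires_at:
            del self._entries[user_id]            # expired tokens are dropped, not extended
            return False
        if not hmac.compare_digest(stored_digest, _digest(presented)):
            return False                          # constant-time compare, no timing oracle
        del self._entries[user_id]                # single use
        return True


def forgot_password_vulnerable(store: ResetStore, user_id: str,
                               request_headers: dict, now: Optional[float] = None) -> dict:
    """Token disclosure: the API response carries the reset link (and token), so
    anyone who can call the endpoint for a victim's account takes it over. The
    link is also Host-header-derived, compounding the problem."""
    token = store.issue(user_id, now)
    return {"ok": True, "reset_link": build_reset_link_vulnerable(request_headers, token)}


def forgot_password_hardened(store: ResetStore, user_id: str, known_users: set,
                             now: Optional[float] = None):
    """Returns (API response, email body or None). The token leaves the server only
    inside the email, and the API response is identical whether or not the
    account exists, so the endpoint is not a user-enumeration oracle either."""
    response = {"message": "If that account exists, a reset email has been sent."}
    if user_id not in known_users:
        return response, None
    token = store.issue(user_id, now)
    return response, f"Reset your password: {build_reset_link_hardened(token)}"
```

The hardened store deliberately rejects a token three ways (unknown user, expired, wrong value) with the same boolean so a caller cannot distinguish them, and deletes the entry on success so a reset link harvested from a mailbox later cannot be replayed.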