CWE-640 vulnerabilities

171 results
CVE-2025-50594 | CRITICAL | An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management | EPSS 0.3%
CVE-2025-64101 | HIGH | ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection | EPSS 0.3%
CVE-2026-32103 | MEDIUM | StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation | EPSS 0.3%
CVE-2024-12295 | HIGH | BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password | EPSS 0.3%
CVE-2025-62406 | HIGH | Piwigo is vulnerable to one-click account takeover by modifying the password-reset link | EPSS 0.3%
CVE-2025-43932 | CRITICAL | JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depe | EPSS 0.3%
CVE-2025-43931 | CRITICAL | flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a re | EPSS 0.3%
CVE-2025-50503 | HIGH | A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password me | EPSS 0.3%
CVE-2025-29995 | HIGH | Account Takeover Vulnerability in CAP back office application | EPSS 0.3%
CVE-2025-8855 | HIGH | 2FA Expiry Bypass in Optimus Software's Brokerage Automation | EPSS 0.3%
CVE-2024-36407 | LOW | SuiteCRM unauthenticated user password reset on php7 | EPSS 0.3%
CVE-2024-45670 | MEDIUM | IBM Security SOAR weak password recovery mechanism | EPSS 0.3%
CVE-2025-2093 | LOW | PHPGurukul Online Library Management System change-password.php password recovery | EPSS 0.3%
CVE-2025-32486 | CRITICAL | WordPress Material Dashboard plugin <= 1.4.6 - Privilege Escalation Vulnerability | EPSS 0.3%
CVE-2023-46138 | LOW | JumpServer default admin user email leak password reset | EPSS 0.3%
CVE-2026-30459 | HIGH | An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset toke | EPSS 0.3%
CVE-2025-3849 | MEDIUM | YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change | EPSS 0.3%
CVE-2025-14783 | MEDIUM | Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect | EPSS 0.3%
CVE-2025-62709 | MEDIUM | ClipBucket v5 is vulnerable to password reset link manipulation | EPSS 0.3%
CVE-2026-32865 | CRITICAL | OPEXUS eComplaint and eCase insecure password reset | EPSS 0.3%