CWE-620 Flaws

84 results
CVE | Severity | Title | EPSS
CVE-2025-2253 | CRITICAL | IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset | EPSS 0.7%
CVE-2026-5386 | CRITICAL | KMW CCTV Security Cameras Unverified Password Change | EPSS 0.6%
CVE-2025-22381 | HIGH | Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality, allowing an attacker to reset a user's password. | EPSS 0.6%
CVE-2023-3069 | HIGH | Unverified Password Change in tsolucio/corebos | EPSS 0.6%
CVE-2024-9431 | MEDIUM | Improper Privilege Management in transformeroptimus/superagi | EPSS 0.6%
CVE-2025-6097 | MEDIUM | UTT 进取 750W Administrator Password setSysAdm formDefineManagement unverified password change | EPSS 0.6%
CVE-2025-4903 | MEDIUM | D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change | EPSS 0.6%
CVE-2025-4606 | CRITICAL | Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover | EPSS 0.6%
CVE-2023-5844 | MEDIUM | Unverified Password Change in pimcore/admin-ui-classic-bundle | EPSS 0.6%
CVE-2024-23637 | MEDIUM | OctoPrint Unverified Password Change via Access Control Settings | EPSS 0.5%
CVE-2024-26520 | CRITICAL | An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to | EPSS 0.5%
CVE-2025-63362 | CRITICAL | Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows att | EPSS 0.5%
CVE-2025-70082 | CRITICAL | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo c | EPSS 0.5%
CVE-2025-5482 | HIGH | Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation | EPSS 0.5%
CVE-2023-4465 | LOW | Poly VVX 601 Configuration File Import unverified password change | EPSS 0.5%
CVE-2026-24443 | HIGH | EventSentry < 6.0.1.20 Web Reports Unverified Password Change | EPSS 0.5%
CVE-2025-3603 | CRITICAL | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update | EPSS 0.5%
CVE-2024-37998 | CRITICAL | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1 | EPSS 0.5%
CVE-2024-12860 | CRITICAL | CarSpot – Dealership Wordpress Classified Theme <= 2.4.3 - Unauthenticated Arbitrary Password Reset/Account Takeover | EPSS 0.5%
CVE-2025-4558 | CRITICAL | WormHole Tech GPM - Unverified Password Change | EPSS 0.4%