CWE-640 vulnerabilities

171 results
CVE-2026-28268 | CRITICAL | Vikunja Vulnerable to Account Takeover via Password Reset Token Reuse | EPSS 0.7%
CVE-2024-11350 | CRITICAL | AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover | EPSS 0.7%
CVE-2024-47547 | CRITICAL | Ruijie Reyee OS Weak Password Recovery Mechanism for Forgotten Password | EPSS 0.7%
CVE-2024-9305 | HIGH | AppPresser – Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP | EPSS 0.7%
CVE-2022-37300 | CRITICAL | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and wri | EPSS 0.7%
CVE-2024-33530 | HIGH | In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeti | EPSS 0.7%
CVE-2023-35717 | HIGH | TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability | EPSS 0.7%
CVE-2022-50910 | HIGH | Beehive Forum - Account Takeover | EPSS 0.7%
CVE-2026-11551 | CRITICAL | Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover | EPSS 0.6%
CVE-2023-7264 | HIGH | Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism | EPSS 0.6%
CVE-2022-47697 | CRITICAL | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeov | EPSS 0.6%
CVE-2026-25858 | CRITICAL | macrozheng mall <= 1.0.3 Unauthenticated Password Reset via OTP Disclosure | EPSS 0.6%
CVE-2025-10127 | HIGH | Daikin Europe N.V Security Gateway Weak Password Recovery Mechanism for Forgotten Password | EPSS 0.6%
CVE-2024-0186 | LOW | HuiRan Host Reseller System HTTP POST Request password recovery | EPSS 0.6%
CVE-2021-27654 | HIGH | Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. | EPSS 0.6%
CVE-2025-64113 | CRITICAL | Emby Server allows attackers to gain administrative server access without preconditions | EPSS 0.6%
CVE-2023-47107 | HIGH | PILOS account takeover through password reset poisoning | EPSS 0.6%
CVE-2024-2463 | HIGH | Weak password recovery mechanism in CDeX | EPSS 0.6%
CVE-2024-0491 | MEDIUM | Huaxia ERP UserController.java password recovery | EPSS 0.6%
CVE-2026-7459 | HIGH | Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint | EPSS 0.6%