CWE-640 vulnerabilities

171 results
| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2026-2895 | MEDIUM | funadmin Member.php repass password recovery | 0.4% |
| CVE-2024-9907 | MEDIUM | QileCMS Verification Code Forget.php sendEmail password recovery | 0.4% |
| CVE-2025-69614 | CRITICAL | Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account ta | 0.4% |
| CVE-2023-31459 | HIGH | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthent | 0.4% |
| CVE-2020-5361 | MEDIUM | Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customer | 0.4% |
| CVE-2023-35134 | HIGH | Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password | 0.4% |
| CVE-2024-45980 | HIGH | A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a craft | 0.4% |
| CVE-2026-50635 | HIGH | LimeSurvey Password Reset Host Header Injection Discloses Reset Token | 0.4% |
| CVE-2025-4319 | CRITICAL | Improper Access Control in Birebirsoft's Sufirmam | 0.4% |
| CVE-2024-24903 | HIGH | Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adja | 0.4% |
| CVE-2024-6203 | HIGH | HaloITSM - Password Reset Poisoning | 0.4% |
| CVE-2026-12416 | CRITICAL | Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter | 0.4% |
| CVE-2024-50356 | NONE | Press has a potential 2FA bypass | 0.4% |
| CVE-2025-7948 | MEDIUM | jshERP updatePwd password recovery | 0.4% |
| CVE-2022-42807 | | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participa | 0.4% |
| CVE-2024-5277 | MEDIUM | Weak Password Recovery Mechanism in lunary-ai/lunary | 0.4% |
| CVE-2026-9466 | MEDIUM | Tiandy Easy7 Integrated Management Platform API Endpoint updateUserPassword password recovery | 0.4% |
| CVE-2026-56081 | CRITICAL | Cap-go - Account Lockout via 2FA Misconfiguration on Unverified Email | 0.4% |
| CVE-2026-36438 | MEDIUM | An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset f | 0.3% |
| CVE-2023-53958 | HIGH | LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header | 0.3% |