Vulnerabilities of type CWE-640
171 results

CVE-2026-34751 | CRITICAL | Payload has Unvalidated Input in Password Recovery Endpoints | EPSS 0.3%
CVE-2024-43190 | MEDIUM | IBM Engineering Requirements Management DOORS weak authentication | EPSS 0.3%
CVE-2025-53373 | HIGH | Natours has a 1 Click Account take over on reset password via Host Header injection | EPSS 0.3%
CVE-2023-29145 | — | The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowi | EPSS 0.3%
CVE-2025-63314 | CRITICAL | A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the | EPSS 0.3%
CVE-2026-12066 | MEDIUM | PbootCMS Password MemberController.php retrieve password recovery | EPSS 0.3%
CVE-2026-10169 | MEDIUM | OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery | EPSS 0.3%
CVE-2021-29038 | MEDIUM | Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older | EPSS 0.3%
CVE-2025-7881 | MEDIUM | Mercusys MW301R Web Interface password recovery | EPSS 0.3%
CVE-2025-14696 | MEDIUM | Shenzhen Sixun Software Sixun Shanghui Group Business Management System UpdatePasswordBatch password recovery | EPSS 0.3%
CVE-2026-2543 | MEDIUM | vichan-devel vichan Password Change pages.php unverified password change | EPSS 0.3%
CVE-2026-34408 | CRITICAL | An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypas | EPSS 0.3%
CVE-2026-45013 | HIGH | Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation | EPSS 0.3%
CVE-2026-29199 | HIGH | phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When force_server_vars is disabled | EPSS 0.2%
CVE-2025-53704 | HIGH | MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password | EPSS 0.2%
CVE-2026-35676 | HIGH | phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint | EPSS 0.2%
CVE-2020-37158 | HIGH | AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset) | EPSS 0.2%
CVE-2026-22723 | MEDIUM | UAA User Token Revocation logic error | EPSS 0.2%
CVE-2026-9609 | MEDIUM | QianFox FoxCMS Admin.php edit password recovery | EPSS 0.2%
CVE-2026-40585 | HIGH | blueprintUE: Password Reset Tokens Have No Expiry Window | EPSS 0.2%