CWE-640 vulnerabilities
171 results

CVE | Severity | Description | EPSS
CVE-2023-28202 | — | This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Vent | 0.2%
CVE-2025-56748 | MEDIUM | Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limi | 0.2%
CVE-2026-4136 | MEDIUM | Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect | 0.2%
CVE-2024-12604 | MEDIUM | Improper Authentication in Tapandsign Technologies Tap and Sign App | 0.2%
CVE-2025-36579 | MEDIUM | Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the | 0.2%
CVE-2023-34357 | HIGH | Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password | 0.2%
CVE-2026-46894 | HIGH | Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Home Page). Supported versions that are affecte | 0.2%
CVE-2024-32642 | HIGH | Host header poisoning allows account takeover via password reset email | 0.2%
CVE-2025-55030 | MEDIUM | Content-Disposition headers incorrectly ignored for some MIME types | 0.1%
CVE-2025-61977 | HIGH | AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password | 0.1%
CVE-2025-65203 | HIGH | KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directiv | 0.1%