CWE-640: Weak Password Recovery Mechanism for Forgotten Password
[Charts not reproduced in this extract: Yearly Trend; Top Affected Vendors]
All CWE-640 CVEs (74)
Mar 23, 2021: This vulnerability allows unauthenticated attackers to reset passwords on affected NETGEAR routers and WiFi systems. Attackers can gain administrative...
Aug 23, 2024: A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to craft malicious password reset links that leak reset tokens. ...
Mar 21, 2024: A weak password recovery mechanism in CDeX application versions through 5.7.1 allows attackers to retrieve password reset tokens. This vulnerability e...
Apr 27, 2023: This vulnerability allows password reset tokens in Serenity/StartSharp to be reused after initial password reset, remaining valid for 3 hours. Attacke...
Jan 28, 2022: This vulnerability allows attackers to bypass local authentication by exploiting forgotten password reset functionality for local accounts. It affects...
Dec 4, 2025: CVE-2025-53704 is a weak password reset mechanism vulnerability in the Pivot client application that allows attackers to hijack user accounts by explo...
May 2, 2024: A logic flaw in Jitsi Meet's lobby feature for password-protected meetings allows unauthorized disclosure of the meeting password when inviting users ...
Sep 4, 2023: This vulnerability allows remote attackers to reset any user's password in Roundcube's Password Recovery plugin version 1.2 by brute-forcing a 6-digit...
Jun 28, 2023: CVE-2023-26615 is a password reset vulnerability in D-Link DIR-823G routers that allows unauthenticated attackers to reset the web management interfac...
Apr 8, 2022: This vulnerability in ATutor 2.2.4 allows attackers to bypass password reset authentication by manipulating specific HTTP POST parameters in password_...
Mar 1, 2022: This vulnerability allows attackers to bypass password recovery mechanisms in Microweber CMS, potentially gaining unauthorized access to user accounts...
Aug 3, 2021: This vulnerability allows remote attackers to enumerate user email addresses through Liferay's forgot password functionality due to an insecure defaul...
Jul 19, 2023: This vulnerability in Weintek Weincloud v0.13.6 allows attackers to reset passwords using only a valid JWT token for the target account. This affects ...
Mar 29, 2022: CVE-2022-1073 is a critical privilege escalation vulnerability in Automatic Question Paper Generator 1.0 that allows remote attackers to gain elevated...
Oct 23, 2025: A weak password recovery mechanism in Productivity Suite v4.4.1.19 allows attackers to decrypt encrypted projects by answering just one security quest...
Nov 20, 2025: ClipBucket v5.5.2 has a host header injection vulnerability that allows attackers to manipulate password reset links. When the base_url configuration ...
Oct 15, 2025: This vulnerability in Creativeitem Academy LMS allows attackers to brute-force password reset tokens due to predictable token generation and lack of r...
Jan 22, 2026: This vulnerability allows remote attackers to bypass password recovery mechanisms in Sangfor Operation and Maintenance Security Management System, pot...
Dec 15, 2025: This vulnerability allows remote attackers to perform unauthorized password modifications in Shenzhen Sixun Software's Sixun Shanghui Group Business M...
Nov 23, 2025: This vulnerability allows unauthenticated attackers to perform weak password recovery attacks on SourceCodester Inventory Management System 1.0. Attac...
Sep 12, 2025: This vulnerability in Wavlink WL-WN578W2 routers allows attackers to remotely exploit weak password recovery mechanisms via the /sysinit.html file. At...
Jan 9, 2025: This vulnerability in YunzMall allows attackers to remotely bypass password recovery mechanisms through weak password reset functionality. Attackers c...
Dec 31, 2025: The Easy Digital Downloads WordPress plugin has an unvalidated redirect vulnerability in all versions up to 3.6.2. Unauthenticated attackers can manip...
Dec 31, 2025: This vulnerability in Uasoft Badaso allows attackers to exploit weak password recovery mechanisms in the forgetPassword function. Attackers can potent...

About CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)
Our database tracks 74 CVEs classified as CWE-640, with 31 rated critical and 34 rated high severity. The average CVSS score for CWE-640 vulnerabilities is 8.4.
External reference: CWE-640 on MITRE CWE, https://cwe.mitre.org/data/definitions/640.html
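The entries above keep circling the same handful of implementation mistakes: reset links whose host is taken from the request's Host header (Staff Appraisal System, ClipBucket), tokens that stay valid after use (Serenity/StartSharp), short or predictable codes with no attempt limit (Roundcube, Creativeitem Academy LMS), and a "forgot password" endpoint that reveals whether an address is registered (Liferay). The following is an added illustration, not code from this page or from any product it lists: a deliberately weak reset service that reproduces those mistakes, a brute-force routine that walks its 6-digit code space, and a hardened counterpart with a configured base URL, a 256-bit CSPRNG token stored only as a hash, a short expiry, single use, a guess limit and an account-agnostic response. Class and function names, the 15-minute TTL and the 5-attempt limit are assumptions chosen for the example.

```python
"""Weak vs hardened password-reset flow (added illustration; hypothetical, stdlib only)."""
import hashlib
import hmac
import random
import secrets
import time
import urllib.parse

RESET_TTL_SECONDS = 15 * 60   # assumed policy: a link is good for 15 minutes
MAX_REDEEM_ATTEMPTS = 5       # assumed policy: guesses allowed per issued link


class WeakResetService:
    """Bundles the recurring mistakes: a 6-digit code from a non-cryptographic
    PRNG, a link whose host is copied from the request's Host header, and a
    redeem step with no expiry, no attempt limit and no single-use check."""

    def __init__(self, seed=1234):
        self._rng = random.Random(seed)   # seeded only so the demo is reproducible
        self._codes = {}                  # email -> code; never expires, never consumed

    def request_reset(self, email, host_header):
        code = f"{self._rng.randrange(1_000_000):06d}"
        self._codes[email] = code
        # Host header injection: an attacker who sends "Host: attacker.example"
        # gets the victim mailed a link that delivers the code to their server.
        return f"https://{host_header}/reset?email={email}&code={code}"

    def redeem(self, email, code):
        return self._codes.get(email) == code


def brute_force_weak_code(service, email):
    """Walk the whole 6-digit space against redeem(). Returns (code, attempts_used)."""
    for n in range(1_000_000):
        code = f"{n:06d}"
        if service.redeem(email, code):
            return code, n + 1
    return None, 1_000_000


class HardenedResetService:
    """Fixed base URL, 256-bit CSPRNG token stored only as a hash, short TTL,
    single use, bounded guesses, and a reply that does not reveal account existence."""

    def __init__(self, base_url, registered_emails, clock=time.time):
        self.base_url = base_url.rstrip("/")   # configured, never taken from Host
        self._registered = set(registered_emails)
        self._clock = clock                    # injectable so expiry can be tested
        self._records = {}                     # email -> {"hash", "expires", "attempts"}
        self.outbox = []                       # (email, link) pairs that would go out by mail

    def request_reset(self, email):
        if email in self._registered:
            token = secrets.token_urlsafe(32)  # 256 bits of entropy
            self._records[email] = {
                "hash": hashlib.sha256(token.encode()).digest(),
                "expires": self._clock() + RESET_TTL_SECONDS,
                "attempts": 0,
            }
            query = urllib.parse.urlencode({"email": email, "token": token})
            self.outbox.append((email, f"{self.base_url}/reset?{query}"))
        # Identical reply whether or not the address exists: no enumeration oracle.
        return "If that address is registered, a reset link has been sent."

    def redeem(self, email, token):
        rec = self._records.get(email)
        if rec is None:
            return False
        rec["attempts"] += 1
        if rec["attempts"] > MAX_REDEEM_ATTEMPTS or self._clock() > rec["expires"]:
            self._records.pop(email, None)     # burn the record; the user must request again
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(rec["hash"], presented):
            return False
        self._records.pop(email, None)         # single use: consumed on success
        return True


def parse_reset_link(link):
    """Pull the query parameters out of a reset link (what the browser would submit)."""
    return dict(urllib.parse.parse_qsl(urllib.parse.urlsplit(link).query))


if __name__ == "__main__":
    weak = WeakResetService()
    print(weak.request_reset("victim@example.test", "attacker.example"))
    print("brute-forced weak code:", brute_force_weak_code(weak, "victim@example.test"))

    svc = HardenedResetService("https://app.example", ["alice@example.test"])
    print(svc.request_reset("alice@example.test"))
    params = parse_reset_link(svc.outbox[0][1])
    print("first redeem:", svc.redeem(params["email"], params["token"]))
    print("second redeem (single use):", svc.redeem(params["email"], params["token"]))
```

Two design points are easy to miss when reading the fixes in the advisories. The hardened service stores only the SHA-256 of the token, so a read-only database leak (the CDeX and Staff Appraisal entries both concern token disclosure) yields nothing redeemable, and it compares hashes with hmac.compare_digest so a wrong guess costs the same time as a near-miss. Guess counting and expiry are checked before the comparison, and both failure modes delete the record rather than leaving it to be retried, which is what turns a 6-digit space from an afternoon's work into an impossibility.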