Weaknesses of type CWE-620
84 resultsCVE-2025-11235LOWMOVEit Transfer REST API does not require current password in order to initiate the password change processEPSS 0.2%CVE-2024-47784LOWUnverified Password ChangeEPSS 0.2%CVE-2026-9249LOWUnverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a craEPSS 0.1%CVE-2025-67719HIGHIbexa User Bundle is missing password change validationEPSS 0.1%