Weaknesses of type CWE-640

171 results
CVE-2021-25961 | HIGH | SuiteCRM - Account Takeover in Password Reset Functionality | EPSS 0.9%
CVE-2026-24467 | CRITICAL | OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise | EPSS 0.9%
CVE-2023-5959 | MEDIUM | Byzoro Smart S85F Management Platform login.php password recovery | EPSS 0.9%
CVE-2021-37693 | MEDIUM | Re-use of email tokens in Discourse | EPSS 0.8%
CVE-2023-50172 | MEDIUM | A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master co | EPSS 0.8%
CVE-2022-24892 | MEDIUM | Multiple valid tokens for password reset in Shopware | EPSS 0.8%
CVE-2022-1073 | HIGH | Automatic Question Paper Generator password recovery | EPSS 0.8%
CVE-2023-36487 | The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. | EPSS 0.8%
CVE-2022-45637 | CRITICAL | An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechani | EPSS 0.8%
CVE-2023-49097 | HIGH | ZITADEL vulnerable account takeover via malicious host header injection | EPSS 0.8%
CVE-2022-26872 | HIGH | Password reset interception via API | EPSS 0.8%
CVE-2024-11103 | CRITICAL | Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover | EPSS 0.7%
CVE-2024-0425 | MEDIUM | ForU CMS password recovery | EPSS 0.7%
CVE-2024-48428 | CRITICAL | An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function. | EPSS 0.7%
CVE-2023-28821 | MEDIUM | Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | EPSS 0.7%
CVE-2026-7652 | MEDIUM | LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism | EPSS 0.7%
CVE-2026-26273 | CRITICAL | Known affected by Account Takeover via Password Reset Token Leakage | EPSS 0.7%
CVE-2024-53552 | CRITICAL | CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover. | EPSS 0.7%
CVE-2020-37172 | HIGH | AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset) | EPSS 0.7%
CVE-2023-5840 | MEDIUM | Weak Password Recovery Mechanism for Forgotten Password in linkstackorg/linkstack | EPSS 0.7%