CWE-620 vulnerabilities
84 results

CVE-2025-4552 | MEDIUM | ContiNew Admin password unverified password change | EPSS 0.4%
CVE-2025-67041 | CRITICAL | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not proper | EPSS 0.4%
CVE-2025-62425 | HIGH | Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password | EPSS 0.4%
CVE-2025-9286 | CRITICAL | Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password | EPSS 0.4%
CVE-2024-8794 | MEDIUM | BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset | EPSS 0.4%
CVE-2026-30458 | CRITICAL | An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack. | EPSS 0.4%
CVE-2025-61536 | HIGH | FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted `req.headers.host` header and forces the | EPSS 0.4%
CVE-2024-13373 | HIGH | Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update | EPSS 0.4%
CVE-2025-1107 | CRITICAL | Unverified password change vulnerability in Janto | EPSS 0.4%
CVE-2023-4915 | MEDIUM | WP User Control <= 1.5.3 - Insecure Password Reset Mechanism | EPSS 0.4%
CVE-2025-3607 | HIGH | Frontend Login and Registration Blocks <= 1.0.8 - Authenticated (Subscriber+) Privilege Escalation via Password Reset | EPSS 0.4%
CVE-2024-27715 | HIGH | An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted re | EPSS 0.4%
CVE-2023-4381 | MEDIUM | Unverified Password Change in instantsoft/icms2 | EPSS 0.4%
CVE-2025-14751 | HIGH | Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service | EPSS 0.4%
CVE-2024-12827 | CRITICAL | DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset | EPSS 0.4%
CVE-2025-61132 | HIGH | A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct passwor | EPSS 0.3%
CVE-2022-2930 | MEDIUM | Unverified Password Change in octoprint/octoprint | EPSS 0.3%
CVE-2024-41796 | MEDIUM | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to chan | EPSS 0.3%
CVE-2025-3849 | MEDIUM | YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change | EPSS 0.3%
CVE-2026-42084 | HIGH | OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence | EPSS 0.3%