CVEs classified under CWE-640, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-63314 — CVSS 10.0 (critical): A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset…
CVE-2026-13019 — CVSS 9.8 (critical): Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function…
CVE-2026-37106 — CVSS 9.8 (critical): An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php…
CVE-2026-12417 — CVSS 9.8 (critical): The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account…
CVE-2026-12416 — CVSS 9.8 (critical): The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including…
CVE-2026-11551 — CVSS 9.8 (critical): The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29…
CVE-2026-28268 — CVSS 9.8 (critical): Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability exists in the…
CVE-2026-28213 — CVSS 9.8 (critical): EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality…
CVE-2022-50910 — CVSS 9.8 (critical): Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate…
CVE-2025-64113 — CVSS 9.8 (critical): Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an…
CVE-2025-50433 — CVSS 9.8 (critical): An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to…
CVE-2025-12866 — CVSS 9.8 (critical): EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to…
CVE-2025-10127 — CVSS 9.8 (critical): Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an…
CVE-2025-32486 — CVSS 9.8 (critical): Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects…
CVE-2025-50594 — CVSS 9.8 (critical): An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management…
CVE-2025-43932 — CVSS 9.8 (critical): JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset…
CVE-2025-43931 — CVSS 9.8 (critical): flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a…
CVE-2025-6216 — CVSS 9.8 (critical): Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass…
CVE-2025-31380 — CVSS 9.8 (critical): Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows…
CVE-2025-22144 — CVSS 9.8 (critical): NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit…
CVE-2024-11350 — CVSS 9.8 (critical): The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6…
CVE-2024-11103 — CVSS 9.8 (critical): The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including…
CVE-2024-8878 — CVSS 9.8 (critical): The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take…
CVE-2024-38287 — CVSS 9.8 (critical): The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers…
CVE-2024-38468 — CVSS 9.8 (critical): Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API.
CVE-2024-5404 — CVSS 9.8 (critical): An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism.
CVE-2023-36487 — CVSS 9.8 (critical): The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.
CVE-2023-30466 — CVSS 9.8 (critical): This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and…
CVE-2022-45637 — CVSS 9.8 (critical): An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry…
CVE-2022-47697 — CVSS 9.8 (critical): COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account…
CVE-2022-3485 — CVSS 9.8 (critical): In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying…
CVE-2022-44004 — CVSS 9.8 (critical): An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can…
CVE-2022-37300 — CVSS 9.8 (critical): A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and…
CVE-2022-23855 — CVSS 9.8 (critical): An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep…
CVE-2021-22763 — CVSS 9.8 (critical): A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic…
CVE-2021-28293 — CVSS 9.8 (critical): Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The…
CVE-2021-22731 — CVSS 9.8 (critical): Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior…
CVE-2020-27179 — CVSS 9.8 (critical): konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.
CVE-2020-25105 — CVSS 9.8 (critical): eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).
CVE-2020-7245 — CVSS 9.8 (critical): Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if…
CVE-2019-19844 — CVSS 9.8 (critical): Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to…
CVE-2019-17392 — CVSS 9.8 (critical): Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.