CWE-620

Unverified Password Change

Parent: CWE-1390 - Weak Authentication

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

69 vulnerabilities with CWE-620
CVE-2026-27757 HIGH
SODOLA SL902-SWTGW124AS <200.1.20 - Auth Bypass
CVSS 7.1
CVE-2026-24443 HIGH
EventSentry <6.0.1.20 - Auth Bypass
CVSS 8.8
CVE-2026-2543 LOW
vichan-devel vichan <5.1.5 - Auth Bypass
CVSS 2.7
CVE-2026-24440 HIGH
Shenzhen Tenda W30E V2 - Info Disclosure
CVSS 8.8
CVE-2025-14751
Product - Privilege Escalation
CVE-2025-11235 LOW
Progress MOVEit Transfer <2023.1.3-2022.0.10 - Unverified Password ...
CVSS 3.7
CVE-2025-13148 HIGH
IBM Aspera Orchestrator <4.1.0 - Privilege Escalation
CVSS 8.1
CVE-2025-67719
Ibexa <5.0.3 - Privilege Escalation
CVE-2025-59808 MEDIUM
Fortinet FortiSOAR <7.6.2 - Info Disclosure
CVSS 6.8
CVE-2025-63362 CRITICAL
Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gatewa...
CVSS 9.8
CVE-2025-61132 HIGH
levlaz braindump <0.4.14 - Host Header Injection
CVSS 7.1
CVE-2025-62425 HIGH
MAS <1.4.0 - Privilege Escalation
CVSS 8.3
CVE-2025-61536 HIGH
FelixRiddle dev-jobs-handlebars 1.0 - Info Disclosure
CVSS 8.2
CVE-2025-22381 HIGH
Aggie 2.6.1 - Open Redirect
CVSS 8.2
CVE-2025-9286 CRITICAL
Appy Pie Connect <1.1.2 - Privilege Escalation
CVSS 9.8
CVE-2025-10159 CRITICAL
Sophos AP6 - Privilege Escalation
CVSS 9.8
CVE-2025-46389 MEDIUM
Product - Privilege Escalation
CVSS 6.5
CVE-2025-4606 CRITICAL
The Sala - Startup & SaaS WordPress Theme <1.1.4 - Privilege Escala...
CVSS 9.8
CVE-2024-12827 CRITICAL
DWT - Directory & Listing WordPress Theme <3.3.6 - Privilege Escala...
CVSS 9.8
CVE-2025-6097 MEDIUM
UTT 进取 750W <5.0 - Auth Bypass
CVSS 5.3
CVE-2025-5482 HIGH
Sunshinephotocart Sunshine Photo Cart < 3.4.12 - Privilege Escalation
CVSS 8.8
CVE-2025-47938 LOW
TYPO3 <9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.1...
CVSS 3.8
CVE-2025-4322 CRITICAL
Motors WordPress <5.6.67 - Privilege Escalation
CVSS 9.8
CVE-2025-4903 MEDIUM
Dlink Di-7003g Firmware - Password Reset Weakness
CVSS 5.3
CVE-2025-46748 LOW
Product - Privilege Escalation
CVSS 2.7
Details
Vulnerabilities 69
Links
MITRE CWE Entry Search this CWE With Exploits