CWE-640

Exploit likelihood: High

Weak Password Recovery Mechanism for Forgotten Password

Parent: CWE-1390 - Weak Authentication

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

258 vulnerabilities with CWE-640
CVE | Severity | CVSS | Title
CVE-2026-7554 | MEDIUM | 5.6 | D-Link M60 httpd password recovery
CVE-2026-40585 | HIGH | 7.4 | blueprintUE: Password Reset Tokens Have No Expiry Window
CVE-2026-24467 | CRITICAL | 9.0 | OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise
CVE-2026-30459 | HIGH | 7.1 | FuelCMS 1.5.2 - Info Disclosure
CVE-2026-33707 | CRITICAL | 9.4 | Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms
CVE-2026-34751 | CRITICAL | 9.1 | Payload has Unvalidated Input in Password Recovery Endpoints
CVE-2026-4136 | MEDIUM | 4.3 | Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect
CVE-2026-32865 | CRITICAL | 9.8 | OPEXUS eComplaint and eCase insecure password reset
CVE-2026-32103 | MEDIUM | 6.8 | StudioCMS <0.4.3 - Privilege Escalation
CVE-2026-28681 | HIGH | 8.1 | IRRd 4.4.0-4.4.4/4.5.0 - Open Redirect
CVE-2026-28268 | CRITICAL | 9.8 | Vikunja <2.1.0 - Auth Bypass
CVE-2026-28213 | CRITICAL | 9.8 | EverShop <2.1.1 - Auth Bypass
CVE-2026-27593 | CRITICAL | 9.3 | Statmatic <6.3.3/5.73.10 - Auth Bypass
CVE-2026-2895 | LOW | 3.7 | funadmin <=7.1.0-rc4 - Weak Password Recovery
CVE-2026-2564 | HIGH | 8.1 | Intelbras VIP 3260 Z IA 2.840.00IB005.0.T - Auth Bypass
CVE-2026-2543 | LOW | 2.7 | vichan-devel vichan <5.1.5 - Auth Bypass
CVE-2026-26273 | CRITICAL | 9.8 | Idno Known < 1.6.3 - Information Disclosure
CVE-2026-25858 | CRITICAL | 9.1 | macrozheng mall <1.0.3 - Auth Bypass
CVE-2026-1325 | MEDIUM | 5.3 | Sangfor Operation And Maintenance Sec... - Password Reset Weakness
CVE-2025-36579 | MEDIUM | 5.1 | Dell Pro 14 Essential PV14250 <1.4.0 - Weak Password Recovery
CVE-2025-69614 | CRITICAL | 9.4 | Deutsche Telekom AG Portal - Auth Bypass
CVE-2025-4320 | CRITICAL | 10.0 | Birebirsoft Sufirmam <23012026 - Auth Bypass
CVE-2025-4319 | CRITICAL | 9.4 | Birebirsoft Sufirmam <23012026 - Auth Bypass
CVE-2025-63314 | CRITICAL | 10.0 | DDSN Interactive Acora CMS <10.7.1 - Code Injection
CVE-2025-15398 | LOW | 3.7 | Uatech Badaso < 2.9.7 - Password Reset Weakness
Details: Vulnerabilities 258; Exploit Likelihood High