CWE-640

High likelihood

Weak Password Recovery Mechanism for Forgotten Password

Parent: CWE-1390 - Weak Authentication

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

258 vulnerabilities with CWE-640
CVE-2025-14783 MEDIUM
Easy Digital Downloads <3.6.2 - Open Redirect
CVSS 4.3
CVE-2025-65203 HIGH
KeePassXC-Browser <1.9.9.2 - Info Disclosure
CVSS 7.1
CVE-2025-14696 MEDIUM
Shenzhen Sixun Software Sixun Shanghui Group Business Management Sy...
CVSS 5.3
CVE-2025-64113 CRITICAL
Nuget Mediabrowser.server.core < 4.9.1.81 - Password Reset Weakness
CVSS 9.8
CVE-2025-53704 HIGH
Pivot Client - Privilege Escalation
CVSS 7.5
CVE-2025-66225 HIGH
OrangeHRM <5.7 - Info Disclosure
CVSS 8.8
CVE-2025-50433 CRITICAL
imonnit.com - Privilege Escalation
CVSS 9.8
CVE-2025-13565 MEDIUM
Warren-daloyan Inventory Management System - Password Reset Weakness
CVSS 5.3
CVE-2025-62709 MEDIUM
Oxygenz Clipbucket < 5.5.2-163 - Password Reset Weakness
CVSS 6.8
CVE-2025-62406 HIGH
Piwigo - Password Reset Weakness
CVSS 8.1
CVE-2025-8855 HIGH
Optimus Software Brokerage Automation <1.1.71 - Auth Bypass
CVSS 8.1
CVE-2025-12866 CRITICAL
EIP Plus - Info Disclosure
CVSS 9.8
CVE-2025-64101 HIGH
Zitadel < 2.71.18 - Open Redirect
CVSS 8.1
CVE-2025-61977 HIGH
Productivity Suite <v4.4.1.19 - Info Disclosure
CVSS 7.0
CVE-2025-56748 MEDIUM
Creativeitem Academy Lms < 5.13 - Password Reset Weakness
CVSS 6.4
CVE-2025-41251 HIGH
VMware NSX - Info Disclosure
CVSS 8.1
CVE-2025-10322 MEDIUM
Wavlink Wl-wn578w2 Firmware - Password Reset Weakness
CVSS 5.3
CVE-2025-10127 CRITICAL
Daikin Europe N.V - Auth Bypass
CVSS 9.8
CVE-2025-32486 CRITICAL
Hossein Material Dashboard <1.4.6 - Info Disclosure
CVSS 9.8
CVE-2025-50503 HIGH
Touch Lebanon Mobile App 2.20.2 - Auth Bypass
CVSS 8.8
CVE-2025-55030 MEDIUM
Firefox for iOS <142 - XSS
CVSS 6.1
CVE-2025-50594 CRITICAL
Danphe Health Hospital Management System EMR <3.2 - Privilege Escal...
CVSS 9.8
CVE-2025-7948 MEDIUM
jshERP <3.5 - Weak Password Recovery
CVSS 4.3
CVE-2025-7881 LOW
Mercusys MW301R 1.0.2 Build 190726 Rel.59423n - Weak Password Recovery
CVSS 2.7
CVE-2025-53373 HIGH
Natours - SSRF