CWE-620 (Unverified Password Change) — Vulnerability Class 67

67 vulnerabilities classified as CWE-620 (Unverified Password Change). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40588 | blueprintUE: Authenticated Password Change Does Not Verify Current Password — blueprintue-self-hosted-edition | 8.1 | High | 2026-04-21 |
| CVE-2019-25653 | Navicat for Oracle 12.1.15 Password Field Denial of Service — Navicat for Oracle | 6.2 | Medium | 2026-03-30 |
| CVE-2026-27757 | SODOLA SL902-SWTGW124AS <= 200.1.20 Unverified Password Change — SODOLA SL902-SWTGW124AS | 7.1 | High | 2026-02-27 |
| CVE-2026-24443 | EventSentry < 6.0.1.20 Web Reports Unverified Password Change — EventSentry | 8.8 | - | 2026-02-24 |
| CVE-2026-2543 | vichan-devel vichan Password Change pages.php unverified password change — vichan | 2.7 | Low | 2026-02-16 |
| CVE-2026-24440 | Tenda W30E V2 Allows Password Changes Without Verifying Current Password — W30E V2 | 9.1 AI | Critical AI | 2026-01-26 |
| CVE-2025-14751 | Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service — cMT3072XH | 8.8 AI | High AI | 2026-01-22 |
| CVE-2025-11235 | MOVEit Transfer REST API does not require current password in order to initiate the password change process — MOVEit Transfer | 3.7 | Low | 2026-01-06 |
| CVE-2025-13148 | IBM Aspera Orchestrator Unverified Password Change — Aspera Orchestrator | 8.1 | High | 2025-12-11 |
| CVE-2025-67719 | Ibexa User Bundle is missing password change validation — user | 9.8 AI | Critical AI | 2025-12-11 |
| CVE-2025-59808 | Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise security vulnerability — FortiSOAR on-premise | 6.5 | Medium | 2025-12-09 |
| CVE-2025-62425 | Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password — matrix-authentication-service | 8.3 | High | 2025-10-16 |
| CVE-2025-9286 | Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password — Appy Pie Connect for WooCommerce | 9.8 | Critical | 2025-10-03 |
| CVE-2025-10159 | Sophos AP6 Series security vulnerability — AP6 Series Wireless Access Points | 9.8 | Critical | 2025-09-09 |
| CVE-2025-46389 | Emby MediaBrowser security vulnerability — MediaBrowser | 6.5 | Medium | 2025-08-06 |
| CVE-2025-4606 | Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover — Sala - Startup & SaaS WordPress Theme | 9.8 | Critical | 2025-07-09 |
| CVE-2024-12827 | DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset — DWT - Directory & Listing WordPress Theme | 9.8 | Critical | 2025-06-27 |
| CVE-2025-6097 | UTT 进取 750W Administrator Password setSysAdm formDefineManagement unverified password change — 进取 750W | 5.3 | Medium | 2025-06-16 |
| CVE-2025-5482 | Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber+) Privilege Escalation — Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers | 8.8 | High | 2025-06-04 |
| CVE-2025-47938 | TYPO3 Vulnerable to Unverified Password Change for Backend Users — typo3 | 3.8 | Low | 2025-05-20 |
| CVE-2025-4322 | Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover — Motors - Car Dealer, Rental & Listing WordPress theme | 9.8 | Critical | 2025-05-20 |
| CVE-2025-4903 | D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change — DI-7003GV2 | 5.3 | Medium | 2025-05-19 |
| CVE-2025-46748 | Unverified Password Change — SEL Blueframe OS | 2.7 | Low | 2025-05-12 |
| CVE-2025-4558 | WormHole Tech GPM - Unverified Password Change — GPM | 9.8 | Critical | 2025-05-12 |
| CVE-2025-4552 | ContiNew Admin password unverified password change — ContiNew Admin | 5.4 | Medium | 2025-05-11 |
| CVE-2025-2253 | IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset — IMITHEMES Listing | 9.8 | Critical | 2025-05-09 |
| CVE-2024-47784 | Unverified Password Change — ANC | 2.6 | Low | 2025-04-30 |
| CVE-2025-3603 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Password Update — Flynax Bridge | 9.8 | Critical | 2025-04-24 |
| CVE-2025-3793 | Buddypress Force Password Change <= 0.1 - Authenticated (Subscriber+) Account Takeover via Password Update — Buddypress Force Password Change | 4.2 | Medium | 2025-04-24 |
| CVE-2025-3607 | Frontend Login and Registration Blocks <= 1.0.8 - Authenticated (Subscriber+) Privilege Escalation via Password Reset — Login, Registration and Lost Password Blocks | 8.8 | High | 2025-04-24 |

Vulnerabilities classified as CWE-620 (Unverified Password Change) represent 67 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.