CWE-620 (未经验证的口令修改) — Vulnerability Class 67

67 vulnerabilities classified as CWE-620 (未经验证的口令修改). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-3849	YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change — SpringBoot-Vue-OnlineExam	4.3	Medium	2025-04-21
CVE-2024-48887	Fortinet FortiSwitch 安全漏洞 — FortiSwitch	9.3	Critical	2025-04-08
CVE-2024-41796	Siemens SENTRON 7KT PAC1260 Data Manager 安全漏洞 — SENTRON 7KT PAC1260 Data Manager	6.5	Medium	2025-04-08
CVE-2024-9431	Improper Privilege Management in transformeroptimus/superagi — transformeroptimus/superagi	8.8	-	2025-03-20
CVE-2024-13373	Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update — Exertio Framework	8.1	High	2025-03-01
CVE-2024-12824	Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change — Nokri – Job Board WordPress Theme	9.8	Critical	2025-03-01
CVE-2024-12860	CarSpot – Dealership Wordpress Classified Theme <= 2.4.3 - Unauthenticated Arbitrary Password Reset/Account Takeover — CarSpot – Dealership Wordpress Classified Theme	9.8	Critical	2025-02-18
CVE-2025-1107	Unverified password change vulnerability in Janto — Janto	9.9	Critical	2025-02-07
CVE-2024-45647	IBM Security Verify Access unverified password change — Security Verify Access	5.6	Medium	2025-01-20
CVE-2024-13375	Adifier System <= 3.1.7 - Unauthenticated Arbitrary Password Reset — Adifier System	9.8	Critical	2025-01-18
CVE-2024-28143	Insecure Password Change Function — Scan2Net	9.8	-	2024-12-12
CVE-2024-51493	API key access in settings without reauthentication in OctoPrint — OctoPrint	5.3	Medium	2024-11-05
CVE-2024-33699	LevelOne WBR-6012 安全漏洞 — WBR-6012	9.9	Critical	2024-10-30
CVE-2024-8794	BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset — BA Book Everything	5.3	Medium	2024-09-24
CVE-2024-21757	Fortinet FortiManager和Fortinet FortiAnalyzer 安全漏洞 — FortiManager	5.5	Medium	2024-08-13
CVE-2024-37998	Siemens CPCI85 Central Processing和SICORE Base system 安全漏洞 — CPCI85 Central Processing/Communication	9.8	Critical	2024-07-22
CVE-2024-20419	Cisco Smart Software Manager On-Prem 安全漏洞 — Cisco Smart Software Manager On-Prem	10.0	Critical	2024-07-17
CVE-2024-2213	Improper Authentication in zenml-io/zenml — zenml-io/zenml	8.8^AI	High^AI	2024-06-06
CVE-2023-4465	Poly VVX 601 Configuration File Import unverified password change — Trio 8300	2.7	Low	2023-12-29
CVE-2023-2449	UserPro <= 5.1.1 - Insecure Password Reset Mechanism — UserPro - Community and User Profile WordPress Plugin	9.8	Critical	2023-11-22
CVE-2023-4214	AppPresser <= 4.2.5 - Insecure Password Reset Mechanism — AppPresser – Mobile App Framework	8.1	High	2023-11-18
CVE-2023-5844	Unverified Password Change in pimcore/admin-ui-classic-bundle — pimcore/admin-ui-classic-bundle	8.8	-	2023-10-30
CVE-2023-4915	WP User Control <= 1.5.3 - Insecure Password Reset Mechanism — WP User Control	5.3	Medium	2023-09-13
CVE-2023-4381	Unverified Password Change in instantsoft/icms2 — instantsoft/icms2	9.8	-	2023-08-16
CVE-2023-3069	Unverified Password Change in tsolucio/corebos — tsolucio/corebos	9.8	-	2023-06-02
CVE-2023-2297	Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	9.8	Critical	2023-04-26
CVE-2023-25931	Medtronic Micro Clinician & InterStim X Clinician App Password Reset Issue — InsterStim Applications	6.4	Medium	2023-03-01
CVE-2022-3152	Unverified Password Change in phpfusion/phpfusion — phpfusion/phpfusion	8.1	-	2022-09-07
CVE-2022-2930	Unverified Password Change in octoprint/octoprint — octoprint/octoprint	7.1	-	2022-08-22
CVE-2022-21935	Metasys password guessing — Metasys ADS/ADX/OAS server	7.5	High	2022-06-15

Vulnerabilities classified as CWE-620 (未经验证的口令修改) represent 67 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-620 (未经验证的口令修改) — Vulnerability Class 67