CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) — Vulnerability Class 101

101 vulnerabilities classified as CWE-640 (Weak Password Recovery Mechanism for Forgotten Password). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-40585 | blueprintUE: Password Reset Tokens Have No Expiry Window — blueprintue-self-hosted-edition | 7.4 | High | 2026-04-21 |
| CVE-2026-24467 | OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise — openaev | 9.1 | Critical | 2026-04-20 |
| CVE-2025-36579 | Dell Client Platform BIOS security vulnerability — Dell Pro 14 Essential PV14250 | 5.1 | Medium | 2026-04-16 |
| CVE-2026-33707 | Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms — chamilo-lms | 9.4 | Critical | 2026-04-10 |
| CVE-2026-4136 | Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect — Membership Plugin – Restrict Content | 4.3 | Medium | 2026-03-20 |
| CVE-2026-27593 | Statamic is vulnerable to account takeover via password reset link injection — cms | 9.3 | Critical | 2026-02-24 |
| CVE-2026-2895 | funadmin Member.php repass password recovery — funadmin | 3.7 | Low | 2026-02-21 |
| CVE-2026-2564 | Intelbras VIP 3260 Z IA OutsideCmd password recovery — VIP 3260 Z IA | 8.1 | High | 2026-02-16 |
| CVE-2020-37158 | AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset) — AVideo Platform | 5.3 | Medium | 2026-02-11 |
| CVE-2020-37172 | AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset) — AVideo Platform | 5.3 | Medium | 2026-02-11 |
| CVE-2026-25858 | macrozheng mall <= 1.0.3 Unauthenticated Password Reset via OTP Disclosure — mall | 9.1 | Critical | 2026-02-07 |
| CVE-2026-1325 | Sangfor Operation and Maintenance Security Management System edit_pwd_mall password recovery — Operation and Maintenance Security Management System | 5.3 | Medium | 2026-01-22 |
| CVE-2022-50910 | Beehive Forum - Account Takeover — Beehive Forum | 9.8 | Critical | 2026-01-13 |
| CVE-2025-15398 | Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery — badaso | 3.7 | Low | 2025-12-31 |
| CVE-2025-14783 | Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 4.3 | Medium | 2025-12-31 |
| CVE-2023-53958 | LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header — LDAP Tool Box Self Service Password | 7.5 | High | 2025-12-19 |
| CVE-2025-14696 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System UpdatePasswordBatch password recovery — Sixun Shanghui Group Business Management System | 5.3 | Medium | 2025-12-15 |
| CVE-2025-64113 | Emby Server allows attackers to gain administrative server access without preconditions — security | 8.1 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-53704 | MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password — Pivot client application | 7.5 | High | 2025-12-04 |
| CVE-2025-13565 | SourceCodester Inventory Management System resetPassword.php password recovery — Inventory Management System | 5.3 | Medium | 2025-11-23 |
| CVE-2025-62709 | ClipBucket v5 is vulnerable to password reset link manipulation — clipbucket-v5 | 6.8 | Medium | 2025-11-20 |
| CVE-2025-62406 | Piwigo is vulnerable to one-click account takeover by modifying the password-reset link — Piwigo | 8.1 | High | 2025-11-18 |
| CVE-2025-12866 | Hundred Plus\|EIP Plus - Weak Password Recovery Mechanism — EIP Plus | 9.8 | Critical | 2025-11-10 |
| CVE-2025-61977 | AutomationDirect Productivity Suite Weak Password Recovery Mechanism for Forgotten Password — Productivity Suite | 7.0 | High | 2025-10-23 |
| CVE-2025-41251 | Weak password recovery vulnerability — NSX | 8.1 | High | 2025-09-29 |
| CVE-2025-10322 | Wavlink WL-WN578W2 sysinit.html password recovery — WL-WN578W2 | 5.3 | Medium | 2025-09-12 |
| CVE-2025-10127 | Daikin Europe N.V Security Gateway Weak Password Recovery Mechanism for Forgotten Password — Security Gateway | 9.8 | Critical | 2025-09-11 |
| CVE-2025-32486 | WordPress Material Dashboard plugin <= 1.4.6 - Privilege Escalation Vulnerability — Material Dashboard | 9.8 | Critical | 2025-09-09 |
| CVE-2025-7948 | jshERP updatePwd password recovery — jshERP | 4.3 | Medium | 2025-07-22 |
| CVE-2025-7881 | Mercusys MW301R Web Interface password recovery — MW301R | 2.7 | Low | 2025-07-20 |

Vulnerabilities classified as CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) account for 101 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.