CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) — Vulnerability Class 101

101 vulnerabilities classified as CWE-640 (Weak Password Recovery Mechanism for Forgotten Password). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-43190 | IBM Engineering Requirements Management DOORS weak authentication — Engineering Requirements Management DOORS | 5.9 | Medium | 2025-07-07 |
| CVE-2025-53373 | Natours has a 1 Click Account take over on reset password via Host Header injection — Natours | 9.8 AI | Critical AI | 2025-07-07 |
| CVE-2025-52560 | Kanboard Password Reset Poisoning via Host Header Injection — kanboard | 8.1 | High | 2025-06-24 |
| CVE-2025-6216 | Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability — Allegra | 9.8 AI | Critical AI | 2025-06-21 |
| CVE-2025-47646 | WordPress PSW Front-end Login & Registration plugin <= 1.13 - Broken Authentication Vulnerability — PSW Front-end Login & Registration | 9.8 AI | Critical AI | 2025-05-23 |
| CVE-2025-31380 | WordPress Paid Videochat Turnkey Site plugin <= 7.3.11 - Broken Authentication Vulnerability — Paid Videochat Turnkey Site | 9.8 | Critical | 2025-04-17 |
| CVE-2024-12295 | BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password — BoomBox Theme Extensions | 8.8 | High | 2025-03-19 |
| CVE-2025-29995 | Account Takeover Vulnerability in CAP back office application — CAP back office application | 8.8 | - | 2025-03-13 |
| CVE-2025-2093 | PHPGurukul Online Library Management System change-password.php password recovery — Online Library Management System | 3.1 | Low | 2025-03-07 |
| CVE-2025-1570 | Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP — Directorist: AI-Powered Business Directory, Listings & Classified Ads | 8.1 | High | 2025-02-28 |
| CVE-2025-0331 | YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery — YunzMall | 5.3 | Medium | 2025-01-09 |
| CVE-2024-11350 | AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover — AdForest | 9.8 | Critical | 2025-01-08 |
| CVE-2024-47547 | Ruijie Reyee OS Weak Password Recovery Mechanism for Forgotten Password — Reyee OS | 9.4 | Critical | 2024-12-06 |
| CVE-2024-11103 | Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 9.8 | Critical | 2024-11-28 |
| CVE-2024-45670 | IBM Security SOAR weak password recovery mechanism — Security SOAR | 5.6 | Medium | 2024-11-14 |
| CVE-2024-50356 | Press has a potential 2FA bypass — press | - | - | 2024-10-31 |
| CVE-2024-9302 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP — App Builder – Create Native Android & iOS Apps On The Flight | 8.1 | High | 2024-10-25 |
| CVE-2024-9305 | AppPresser – Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP — AppPresser – Mobile App Framework | 8.1 | High | 2024-10-16 |
| CVE-2024-9907 | QileCMS Verification Code Forget.php sendEmail password recovery — QileCMS | 3.7 | Low | 2024-10-13 |
| CVE-2024-8878 | Unauthenticated Password Reset — Netman 204 | 9.8 AI | Critical AI | 2024-09-24 |
| CVE-2024-8692 | TDuckCloud TDuckPro password recovery — TDuckPro | 5.3 | Medium | 2024-09-11 |
| CVE-2024-6203 | HaloITSM - Password Reset Poisoning — HaloITSM | 8.3 | High | 2024-08-06 |
| CVE-2024-6125 | Login with phone number <= 1.7.34 - Insecure Password Reset Mechanism — OTP Login With Phone Number, OTP Verification | 8.1 | High | 2024-06-19 |
| CVE-2023-7264 | Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism — Build App Online | 8.1 | High | 2024-06-11 |
| CVE-2024-36407 | SuiteCRM unauthenticated user password reset on php7 — SuiteCRM | 3.7 | Low | 2024-06-10 |
| CVE-2024-5277 | Weak Password Recovery Mechanism in lunary-ai/lunary — lunary-ai/lunary | 9.8 AI | Critical AI | 2024-06-06 |
| CVE-2024-5404 | ifm: moneo prone to weak password recovery mechanism — moneo appliance QVA200 | 9.8 | Critical | 2024-06-03 |
| CVE-2023-35717 | TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability — Tapo C210 | 8.8 | - | 2024-05-03 |
| CVE-2024-27899 | Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine — SAP NetWeaver AS Java User Management Engine | 8.8 | High | 2024-04-09 |
| CVE-2024-2463 | Weak password recovery mechanism in CDeX — CDeX | 9.1 AI | Critical AI | 2024-03-21 |

Vulnerabilities classified as CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) represent 101 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.