CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) — Vulnerability Class 101

101 vulnerabilities classified as CWE-640 (Weak Password Recovery Mechanism for Forgotten Password). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-24903 | Dell Secure Connect Gateway security vulnerability — Secure Connect Gateway (SCG) Policy Manager | 8.0 | High | 2024-03-01 |
| CVE-2024-22454 | Dell PowerProtect Data Manager authorization issue vulnerability — PowerProtect Data Manager | 8.8 | High | 2024-02-13 |
| CVE-2024-0491 | Huaxia ERP UserController.java password recovery — ERP | 5.3 | Medium | 2024-01-13 |
| CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password in GitLab — GitLab | 10.0 | Critical | 2024-01-12 |
| CVE-2024-0425 | ForU CMS password recovery — CMS | 5.3 | Medium | 2024-01-11 |
| CVE-2023-49589 | WWBN AVideo authorization issue vulnerability — AVideo | 8.8 | High | 2024-01-10 |
| CVE-2023-50172 | WWBN AVideo authorization issue vulnerability — AVideo | 5.3 | Medium | 2024-01-10 |
| CVE-2024-0186 | HuiRan Host Reseller System HTTP POST Request password recovery — Host Reseller System | 3.7 | Low | 2024-01-02 |
| CVE-2023-42481 | Improper Access Control vulnerability in SAP Commerce Cloud — SAP Commerce Cloud | 8.1 | High | 2023-12-12 |
| CVE-2023-49097 | ZITADEL vulnerable account takeover via malicious host header injection — zitadel | 8.1 | High | 2023-11-30 |
| CVE-2023-5959 | Byzoro Smart S85F Management Platform login.php password recovery — Smart S85F Management Platform | 4.3 | Medium | 2023-11-11 |
| CVE-2023-46138 | JumpServer default admin user email leak password reset — jumpserver | 3.7 | Low | 2023-10-30 |
| CVE-2023-5840 | Weak Password Recovery Mechanism for Forgotten Password in linkstackorg/linkstack — linkstackorg/linkstack | 9.8 | - | 2023-10-29 |
| CVE-2023-44399 | ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting — zitadel | 5.3 | Medium | 2023-10-10 |
| CVE-2023-5296 | Xinhu RockOA Password password recovery — RockOA | 4.3 | Medium | 2023-09-29 |
| CVE-2023-43650 | Non-MFA account takeover via brute-force attack on weak password reset code in jumpserver — jumpserver | 8.2 | High | 2023-09-27 |
| CVE-2023-34357 | Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password — HR Portal | 7.8 | High | 2023-09-07 |
| CVE-2023-3222 | Vulnerability in the password recovery mechanism of Roundcube Password Recovery Plugin — Password Recovery Plugin | 7.5 | High | 2023-09-04 |
| CVE-2023-4448 | OpenRapid RapidCMS run-movepass.php password recovery — RapidCMS | 6.3 | Medium | 2023-08-21 |
| CVE-2023-35134 | Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password — Weincloud | 7.4 | High | 2023-07-19 |
| CVE-2023-3007 | ningzichun Student Management System Password Reset resetPassword.php password recovery — Student Management System | 6.5 | Medium | 2023-05-31 |
| CVE-2023-30466 | Authentication Bypass Vulnerability in Milesight Network Video Recorder (NVR) — NVR MS-Nxxxx-xxG | 9.8 | Critical | 2023-04-28 |
| CVE-2022-26872 | Password reset interception via API — MegaRAC SPx-12 | 8.3 | High | 2023-01-30 |
| CVE-2015-10071 | gitter-badger ezpublish-modern-legacy forgotpassword.php password recovery — ezpublish-modern-legacy | 2.6 | Low | 2023-01-19 |
| CVE-2022-3485 | Weak Password Recovery in ifm moneo appliance — moneo appliance | 9.8 | Critical | 2022-12-12 |
| CVE-2022-37300 | Authorization issue vulnerability in multiple Schneider Electric products — EcoStruxure Control Expert | 9.8 | Critical | 2022-09-12 |
| CVE-2022-29174 | Predictable password reset token may lead to account takeover in countly-server — countly-server | 8.1 | High | 2022-05-17 |
| CVE-2022-24892 | Multiple valid tokens for password reset in Shopware — shopware | 6.4 | Medium | 2022-04-28 |
| CVE-2022-1073 | Automatic Question Paper Generator password recovery — Automatic Question Paper Generator | 7.3 | High | 2022-03-29 |
| CVE-2022-0777 | Weak Password Recovery Mechanism for Forgotten Password in microweber/microweber — microweber/microweber | 7.5 | - | 2022-03-01 |

Vulnerabilities classified as CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) represent 101 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.