CWE-620

85 CVEs classified under CWE-620. Browse by severity and year.

Top CVEs for CWE-620
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-20419 | Critical | 10.0 | 2024-07-17 | A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change th… |
| CVE-2025-1107 | Critical | 9.9 | 2025-02-07 | Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password withou… |
| CVE-2024-33699 | Critical | 9.9 | 2024-10-30 | The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and… |
| CVE-2025-70082 | Critical | 9.8 | 2026-03-11 | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component |
| CVE-2025-67041 | Critical | 9.8 | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This… |
| CVE-2025-63362 | Critical | 9.8 | 2025-12-04 | Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the A… |
| CVE-2025-9286 | Critical | 9.8 | 2025-10-03 | The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() R… |
| CVE-2025-10159 | Critical | 9.8 | 2025-09-09 | An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmwar… |
| CVE-2025-4606 | Critical | 9.8 | 2025-07-09 | The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including… |
| CVE-2024-12827 | Critical | 9.8 | 2025-06-27 | The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and includi… |
| CVE-2025-4322 | Critical | 9.8 | 2025-05-20 | The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the them… |
| CVE-2025-4558 | Critical | 9.8 | 2025-05-12 | The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the… |
| CVE-2025-2253 | Critical | 9.8 | 2025-05-09 | The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin no… |
| CVE-2025-3603 | Critical | 9.8 | 2025-04-24 | The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to t… |
| CVE-2024-48887 | Critical | 9.8 | 2025-04-08 | A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially c… |
| CVE-2024-12824 | Critical | 9.8 | 2025-03-01 | The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6… |
| CVE-2024-12860 | Critical | 9.8 | 2025-02-18 | The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and i… |
| CVE-2024-13375 | Critical | 9.8 | 2025-01-18 | The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to… |
| CVE-2024-26520 | Critical | 9.8 | 2024-07-26 | An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authenticat… |
| CVE-2024-37998 | Critical | 9.8 | 2024-07-22 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password… |