CWE-620
85 CVEs classified under CWE-620. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-20419 | Critical | 10.0 | 2024-07-17 | A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change th… |
| CVE-2025-1107 | Critical | 9.9 | 2025-02-07 | Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password withou… |
| CVE-2024-33699 | Critical | 9.9 | 2024-10-30 | The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and… |
| CVE-2025-70082 | Critical | 9.8 | 2026-03-11 | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component |
| CVE-2025-67041 | Critical | 9.8 | 2026-03-11 | An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This… |
| CVE-2025-63362 | Critical | 9.8 | 2025-12-04 | Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the A… |
| CVE-2025-9286 | Critical | 9.8 | 2025-10-03 | The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() R… |
| CVE-2025-10159 | Critical | 9.8 | 2025-09-09 | An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmwar… |
| CVE-2025-4606 | Critical | 9.8 | 2025-07-09 | The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including… |
| CVE-2024-12827 | Critical | 9.8 | 2025-06-27 | The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and includi… |
| CVE-2025-4322 | Critical | 9.8 | 2025-05-20 | The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the them… |
| CVE-2025-4558 | Critical | 9.8 | 2025-05-12 | The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the… |
| CVE-2025-2253 | Critical | 9.8 | 2025-05-09 | The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin no… |
| CVE-2025-3603 | Critical | 9.8 | 2025-04-24 | The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to t… |
| CVE-2024-48887 | Critical | 9.8 | 2025-04-08 | An unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially c… |
| CVE-2024-12824 | Critical | 9.8 | 2025-03-01 | The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6… |
| CVE-2024-12860 | Critical | 9.8 | 2025-02-18 | The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and i… |
| CVE-2024-13375 | Critical | 9.8 | 2025-01-18 | The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to… |
| CVE-2024-26520 | Critical | 9.8 | 2024-07-26 | An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authenticat… |
| CVE-2024-37998 | Critical | 9.8 | 2024-07-22 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password… |