CWE-640
Allowed-with-ReviewWeak Password Recovery Mechanism for Forgotten Password
Abstraction: Base · Status: Incomplete
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
393 vulnerabilities reference this CWE, most recent first.
CVE-2025-52560 (GCVE-0-2025-52560)
Vulnerability from cvelistv5 – Published: 2025-06-24 02:56 – Updated: 2025-06-24 15:02- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://github.com/kanboard/kanboard/security/adv… | x_refsource_CONFIRM |
| https://github.com/kanboard/kanboard/commit/bca2b… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52560",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:02:34.318703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:02:43.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.46"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is unset (default behavior). This allows an attacker to craft a malicious password reset link that leaks the token to an attacker-controlled domain. If a victim (including an administrator) clicks the poisoned link, their account can be taken over. This affects all users who initiate a password reset while application_url is not set. This issue has been patched in version 1.2.46."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T02:56:26.589Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-2ch5-gqjm-8p92",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-2ch5-gqjm-8p92"
},
{
"name": "https://github.com/kanboard/kanboard/commit/bca2bd7ab95e7990e358fd35a7daf51a9c16aa75",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/bca2bd7ab95e7990e358fd35a7daf51a9c16aa75"
}
],
"source": {
"advisory": "GHSA-2ch5-gqjm-8p92",
"discovery": "UNKNOWN"
},
"title": "Kanboard Password Reset Poisoning via Host Header Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52560",
"datePublished": "2025-06-24T02:56:26.589Z",
"dateReserved": "2025-06-18T03:55:52.035Z",
"dateUpdated": "2025-06-24T15:02:43.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47646 (GCVE-0-2025-47646)
Vulnerability from cvelistv5 – Published: 2025-05-23 12:43 – Updated: 2026-04-29 09:51- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Gilblas Ngunte Possi | PSW Front-end Login & Registration |
Affected:
0 , ≤ 1.13
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T17:03:06.157744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T17:03:12.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "psw-login-and-registration",
"product": "PSW Front-end Login \u0026 Registration",
"vendor": "Gilblas Ngunte Possi",
"versions": [
{
"lessThanOrEqual": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:23.330Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login \u0026 Registration psw-login-and-registration allows Password Recovery Exploitation.\u003cp\u003eThis issue affects PSW Front-end Login \u0026 Registration: from n/a through \u003c= 1.13.\u003c/p\u003e"
}
],
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login \u0026 Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login \u0026 Registration: from n/a through \u003c= 1.13."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:55.265Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/psw-login-and-registration/vulnerability/wordpress-psw-front-end-login-registration-1-12-broken-authentication-vulnerability?_s_id=cve"
}
],
"title": "WordPress PSW Front-end Login \u0026 Registration plugin \u003c= 1.13 - Broken Authentication Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-47646",
"datePublished": "2025-05-23T12:43:23.517Z",
"dateReserved": "2025-05-07T10:45:05.653Z",
"dateUpdated": "2026-04-29T09:51:55.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41251 (GCVE-0-2025-41251)
Vulnerability from cvelistv5 – Published: 2025-09-29 18:45 – Updated: 2026-02-26 17:47- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | NSX |
Affected:
VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x
(custom)
Affected: VMware NSX-T - 3.x (custom) Affected: VMware Cloud Foundation (with NSX) - 5.x, 4.5.x (custom) Unaffected: VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287) (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T03:55:13.799400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:50.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSX",
"vendor": "vmware",
"versions": [
{
"status": "affected",
"version": "VMware NSX - 9.x.x.x, 4.2.x, 4.1.x, 4.0.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "VMware NSX-T - 3.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "VMware Cloud Foundation (with NSX) - 5.x, 4.5.x",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "VMware NSX 9.0.1.0; 4.2.2.2/4.2.3.1; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287)",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-29T18:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\u003cbr\u003e\u003cb\u003e\u003cbr\u003eImpact:\u003c/b\u003e\u0026nbsp;Username enumeration \u2192 credential brute force risk.\u003cbr\u003e\u003cb\u003eAttack Vector:\u003c/b\u003e\u0026nbsp;Remote, unauthenticated.\u003cbr\u003e\u003cb\u003eSeverity:\u003c/b\u003e\u0026nbsp;Important.\u003cbr\u003e\u003cb\u003eCVSSv3:\u003c/b\u003e\u0026nbsp;8.1 (High).\u003cbr\u003e\u003cb\u003e\u003cbr\u003eAcknowledgments:\u003c/b\u003e\u0026nbsp;Reported by the National Security Agency.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eAffected Products:\u003c/b\u003e\u003cp\u003eVMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\u003c/p\u003eNSX-T 3.x\u003cbr\u003eVMware Cloud Foundation (with NSX) 5.x, 4.5.x\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFixed Versions:\u003c/b\u003e NSX 9.0.1.0; \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://4.2.2.2/4.2.3.1\"\u003e4.2.2.2/4.2.3.1\u003c/a\u003e; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\u003cbr\u003e\u003cb\u003eWorkarounds:\u003c/b\u003e None.\u003cbr\u003e\u003cul\u003e\n\u003c/ul\u003e\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks.\n\nImpact:\u00a0Username enumeration \u2192 credential brute force risk.\nAttack Vector:\u00a0Remote, unauthenticated.\nSeverity:\u00a0Important.\nCVSSv3:\u00a08.1 (High).\n\nAcknowledgments:\u00a0Reported by the National Security Agency.\n\nAffected Products:VMware NSX 9.x.x.x, 4.2.x, 4.1.x, 4.0.x\n\nNSX-T 3.x\nVMware Cloud Foundation (with NSX) 5.x, 4.5.x\n\nFixed Versions: NSX 9.0.1.0; 4.2.2.2/4.2.3.1 http://4.2.2.2/4.2.3.1 ; 4.1.2.7; NSX-T 3.2.4.3; CCF async patch (KB88287).\nWorkarounds: None."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T18:45:16.614Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak password recovery vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41251",
"datePublished": "2025-09-29T18:45:16.614Z",
"dateReserved": "2025-04-16T09:30:25.625Z",
"dateUpdated": "2026-02-26T17:47:50.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36579 (GCVE-0-2025-36579)
Vulnerability from cvelistv5 – Published: 2026-04-16 16:05 – Updated: 2026-05-27 16:34- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00030045… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Pro 14 Essential PV14250 |
Affected:
0 , < 1.4.0
(semver)
|
|
| Dell | Dell Pro Micro / QCM1255 |
Affected:
0 , < 1.9.1
(semver)
|
|
| Dell | Dell Pro Slim / QCS1255 |
Affected:
0 , < 1.9.1
(semver)
|
|
| Dell | Dell Pro Tower / QCT1255 |
Affected:
0 , < 1.9.1
(semver)
|
|
| Dell | Alienware 16 Area-51 AA16250 |
Affected:
0 , < 1.9.0
(semver)
|
|
| Dell | Alienware 16X Aurora AC16251 |
Affected:
0 , < 1.8.1
(semver)
|
|
| Dell | Alienware 18 Area-51 AA18250 |
Affected:
0 , < 1.9.0
(semver)
|
|
| Dell | Alienware Area-51 AAT225 |
Affected:
0 , < 1.11.0
(semver)
|
|
| Dell | Alienware Aurora ACT1250 |
Affected:
0 , < 1.10.0
(semver)
|
|
| Dell | Alienware m15 R6 |
Affected:
0 , < 1.42.0
(semver)
|
|
| Dell | Alienware m15 R7 |
Affected:
0 , < 1.37.0
(semver)
|
|
| Dell | Alienware m16 R1 |
Affected:
0 , < 1.32.0
(semver)
|
|
| Dell | Alienware m16 R2 |
Affected:
0 , < 1.18.0
(semver)
|
|
| Dell | Alienware m18 R1 |
Affected:
0 , < 1.32.0
(semver)
|
|
| Dell | Alienware M18 R2 |
Affected:
0 , < 1.20.0
(semver)
|
|
| Dell | Alienware x14 R2 |
Affected:
0 , < 1.30.1
(semver)
|
|
| Dell | Alienware x16 R1 |
Affected:
0 , < 1.30.1
(semver)
|
|
| Dell | Alienware X16 R2 |
Affected:
0 , < 1.18.1
(semver)
|
|
| Dell | ChengMing 3900 |
Affected:
0 , < 1.37.0
(semver)
|
|
| Dell | ChengMing 3910/3911 |
Affected:
0 , < 1.32.0
(semver)
|
|
| Dell | ChengMing 3990 |
Affected:
0 , < 1.35.1
(semver)
|
|
| Dell | ChengMing 3991 |
Affected:
0 , < 1.35.1
(semver)
|
|
| Dell | Dell 14 DC14250 |
Affected:
0 , < 1.4.0
(semver)
|
|
| Dell | Dell 14 Premium DA14250 |
Affected:
0 , < 1.5.1
(semver)
|
|
| Dell | Dell 15 DC15250 |
Affected:
0 , < 1.6.0
(semver)
|
|
| Dell | Dell 16 DC16250 |
Affected:
0 , < 1.7.0
(semver)
|
|
| Dell | Dell 16 DC16251 |
Affected:
0 , < 1.7.0
(semver)
|
|
| Dell | Dell 16 Premium DA16250 |
Affected:
0 , < 1.7.0
(semver)
|
|
| Dell | Dell G15 5510 |
Affected:
0 , < 1.38.0
(semver)
|
|
| Dell | Dell G15 5511 |
Affected:
0 , < 1.41.0
(semver)
|
|
| Dell | Dell G15 5520 |
Affected:
0 , < 1.38.0
(semver)
|
|
| Dell | Dell G15 5530 |
Affected:
0 , < 1.30.0
(semver)
|
|
| Dell | Dell G16 7620 |
Affected:
0 , < 1.38.0
(semver)
|
|
| Dell | Dell G16 7630 |
Affected:
0 , < 1.30.0
(semver)
|
|
| Dell | Dell G5 5000 |
Affected:
0 , < 1.28.2
(semver)
|
|
| Dell | Dell Pro 13 Plus PB13250 |
Affected:
0 , < 2.8.1
(semver)
|
|
| Dell | Dell Pro 13 Plus PB13255 |
Affected:
0 , < 1.9.1
(semver)
|
|
| Dell | Dell Pro 13 Premium PA13250 |
Affected:
0 , < 2.8.1
(semver)
|
|
| Dell | Dell Pro 14 PC14250 |
Affected:
0 , < 1.10.2
(semver)
|
|
| Dell | Dell Pro 14 Plus PB14250 |
Affected:
0 , < 2.8.1
(semver)
|
|
| Dell | Dell Pro 14 Plus PB14255 |
Affected:
0 , < 1.9.1
(semver)
|
|
| Dell | Dell Pro 14 Premium PA14250 |
Affected:
0 , < 2.8.1
(semver)
|
|
| Dell | Dell Pro 15 Essential PV15250 |
Affected:
0 , < 1.2.0
(semver)
|
|
| Dell | Dell Pro 16 PC16250 |
Affected:
0 , < 1.10.2
(semver)
|
|
| Dell | Dell Pro 16 Plus PB16250 |
Affected:
0 , < 2.8.1
(semver)
|
|
| Dell | Dell Pro 16 Plus PB16255 |
Affected:
0 , < 1.9.1
(custom)
|
|
| Dell | Dell Pro 24 All-in-One Plus/Dell Pro 24 All-in-One |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Pro Laptop PC14250 |
Affected:
0 , < 1.10.2
(semver)
|
|
| Dell | Dell Pro Laptop PC16250 |
Affected:
0 , < 1.10.2
(semver)
|
|
| Dell | Dell Pro Max 14 MC14250 |
Affected:
0 , < 1.9.0
(semver)
|
|
| Dell | Dell Pro Max 14 MC14255 |
Affected:
0 , < 1.6.2
(semver)
|
|
| Dell | Dell Pro Max 16 MC16250 |
Affected:
0 , < 1.9.0
(semver)
|
|
| Dell | Dell Pro Max 16 MC16255 |
Affected:
0 , < 1.6.2
(semver)
|
|
| Dell | Dell Pro Max Micro FCM2250 |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Pro Max Slim FCS1250 |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Pro Max Tower T2 FCT2250 |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Pro Micro/Micro Plus QCM1250/QBM1250 |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Pro Rugged 13 RA13250 |
Affected:
0 , < 1.12.1
(semver)
|
|
| Dell | Dell Pro Rugged 14 RB14250 |
Affected:
0 , < 1.12.1
(semver)
|
|
| Dell | Dell Pro Slim Essential QVS1260 |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Pro Slim Plus QBS1250/Dell Pro Slim QCS1250 |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Pro Tower Essential QVT1260 |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Pro Tower Plus QBT1250/Dell Pro Tower QCT1250 |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Slim ECS1250 |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Tower ECT1250 |
Affected:
0 , < 1.10.1
(semver)
|
|
| Dell | Dell Tower Plus EBT2250 |
Affected:
0 , < 1.11.0
(semver)
|
|
| Dell | Inspiron 13 5320 |
Affected:
0 , < 1.30.0
(semver)
|
|
| Dell | Inspiron 13 5330 |
Affected:
0 , < 1.28.0
(semver)
|
|
| Dell | Inspiron 14 5420 |
Affected:
0 , < 1.33.0
(semver)
|
|
| Dell | Inspiron 14 5430 |
Affected:
0 , < 1.26.0
(semver)
|
|
| Dell | Inspiron 14 5440 |
Affected:
0 , < 1.19.0
(semver)
|
|
| Dell | Inspiron 14 7420 2-in-1 |
Affected:
0 , < 1.31.0
(semver)
|
|
| Dell | Inspiron 14 7430 2-in-1 |
Affected:
0 , < 1.26.0
(semver)
|
|
| Dell | Inspiron 14 7440 2-in-1 |
Affected:
0 , < 1.19.0
(semver)
|
|
| Dell | Inspiron 14 Plus 7420 |
Affected:
0 , < 1.34.0
(semver)
|
|
| Dell | Inspiron 14 Plus 7430 |
Affected:
0 , < 1.26.0
(semver)
|
|
| Dell | Inspiron 14 Plus 7440 |
Affected:
0 , < 1.22.0
(semver)
|
|
| Dell | Inspiron 15 3511 |
Affected:
0 , < 1.43.0
(semver)
|
|
| Dell | Inspiron 15 3520 |
Affected:
0 , < 1.39.0
(semver)
|
|
| Dell | Inspiron 16 5620 |
Affected:
0 , < 1.33.0
(semver)
|
|
| Dell | Inspiron 16 5630 |
Affected:
0 , < 1.26.0
(semver)
|
|
| Dell | Inspiron 16 5640 |
Affected:
0 , < 1.18.0
(semver)
|
|
| Dell | Inspiron 16 7610 |
Affected:
0 , < 1.36.0
(semver)
|
|
| Dell | Inspiron 16 7620 2-in-1 |
Affected:
0 , < 1.31.0
(semver)
|
|
| Dell | Inspiron 16 7630 2-in-1 |
Affected:
0 , < 1.26.0
(semver)
|
|
| Dell | Inspiron 16 7640 2-in-1 |
Affected:
0 , < 1.18.0
(semver)
|
|
| Dell | Inspiron 16 Plus 7620 |
Affected:
0 , < 1.34.0
(semver)
|
|
| Dell | Inspiron 16 Plus 7630 |
Affected:
0 , < 1.26.0
(semver)
|
|
| Dell | Inspiron 16 Plus 7640 |
Affected:
0 , < 1.22.0
(semver)
|
|
| Dell | Inspiron 24 5420 All-in-One |
Affected:
0 , < 1.25.0
(semver)
|
|
| Dell | Inspiron 24 5430 All-in-One |
Affected:
0 , < 1.18.0
(semver)
|
|
| Dell | Inspiron 27 7720 All-in-One |
Affected:
0 , < 1.25.0
(semver)
|
|
| Dell | Inspiron 27 7730 All-in-One |
Affected:
0 , < 1.18.0
(semver)
|
|
| Dell | Inspiron 3020 Desktop |
Affected:
0 , < 1.32.0
(semver)
|
|
| Dell | Inspiron 3020 Small Desktop |
Affected:
0 , < 1.32.0
(semver)
|
|
| Dell | Inspiron 3030 |
Affected:
0 , < 1.22.1
(semver)
|
|
| Dell | Inspiron 3030S |
Affected:
0 , < 1.22.1
(semver)
|
|
| Dell | Inspiron 3910 |
Affected:
0 , < 1.37.0
(semver)
|
|
| Dell | Inspiron 5400/5401 |
Affected:
0 , < 1.37.0
(semver)
|
|
| Dell | Inspiron 5401 AIO |
Affected:
0 , < 1.37.0
(semver)
|
|
| Dell | Inspiron 5410 All-in-One |
Affected:
0 , < 1.35.0
(semver)
|
|
| Dell | Inspiron 5510 |
Affected:
0 , < 2.39.0
(semver)
|
|
| Dell | Inspiron 7700 All-In-One |
Affected:
0 , < 1.37.0
(semver)
|
|
| Dell | Inspiron 7710 All-in-One |
Affected:
0 , < 1.35.0
(semver)
|
|
| Dell | Latitude 3120 |
Affected:
0 , < 1.35.1
(semver)
|
|
| Dell | Latitude 3140 |
Affected:
0 , < 1.28.1
(semver)
|
|
| Dell | Latitude 3140 2in1 |
Affected:
0 , < 1.28.1
(semver)
|
|
| Dell | Latitude 3320 |
Affected:
0 , < 1.41.0
(semver)
|
|
| Dell | Latitude 3330 |
Affected:
0 , < 1.33.0
(semver)
|
|
| Dell | Latitude 3340 |
Affected:
0 , < 1.29.0
(semver)
|
|
| Dell | Latitude 3410 |
Affected:
0 , < 1.36.0
(semver)
|
|
| Dell | Latitude 3420 |
Affected:
0 , < 1.46.0
(semver)
|
|
| Dell | Latitude 3430 |
Affected:
0 , < 1.32.0
(semver)
|
|
| Dell | Latitude 3440 |
Affected:
0 , < 1.29.0
(semver)
|
|
| Dell | Latitude 3450 |
Affected:
0 , < 1.20.0
(semver)
|
|
| Dell | Latitude 3510 |
Affected:
0 , < 1.36.0
(semver)
|
|
| Dell | Latitude 3520 |
Affected:
0 , < 1.46.0
(semver)
|
|
| Dell | Latitude 3530 |
Affected:
0 , < 1.32.0
(semver)
|
|
| Dell | Latitude 3540 |
Affected:
0 , < 1.29.0
(semver)
|
|
| Dell | Latitude 3550 |
Affected:
0 , < 1.20.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T17:16:03.575331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T16:34:39.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Pro 14 Essential PV14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Micro / QCM1255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Slim / QCS1255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Tower / QCT1255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware 16 Area-51 AA16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware 16X Aurora AC16251",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware 18 Area-51 AA18250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware Area-51 AAT225",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware Aurora ACT1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m15 R6",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.42.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m15 R7",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m16 R1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m16 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware m18 R1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware M18 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware x14 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware x16 R1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Alienware X16 R2",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ChengMing 3900",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ChengMing 3910/3911",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ChengMing 3990",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ChengMing 3991",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 14 DC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 14 Premium DA14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 15 DC15250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 16 DC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 16 DC16251",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell 16 Premium DA16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G15 5510",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G15 5511",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G15 5520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G15 5530",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G16 7620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G16 7630",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell G5 5000",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 13 Plus PB13250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 13 Plus PB13255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 13 Premium PA13250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 14 PC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 14 Plus PB14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 14 Plus PB14255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 14 Premium PA14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 15 Essential PV15250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 16 PC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 16 Plus PB16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 16 Plus PB16255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro 24 All-in-One Plus/Dell Pro 24 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Laptop PC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Laptop PC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max 14 MC14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max 14 MC14255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max 16 MC16250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max 16 MC16255",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max Micro FCM2250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max Slim FCS1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Max Tower T2 FCT2250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Micro/Micro Plus QCM1250/QBM1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Rugged 13 RA13250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Rugged 14 RB14250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Slim Essential QVS1260",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Slim Plus QBS1250/Dell Pro Slim QCS1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Tower Essential QVT1260",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Pro Tower Plus QBT1250/Dell Pro Tower QCT1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Slim ECS1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Tower ECT1250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Tower Plus EBT2250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 13 5320",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.30.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 13 5330",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 5420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 5430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 5440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 7420 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 7430 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 7440 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 Plus 7420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.34.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 Plus 7430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 14 Plus 7440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 15 3511",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.43.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 15 3520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.39.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 5620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 5630",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 5640",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 7610",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 7620 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.31.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 7630 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 7640 2-in-1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 Plus 7620",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.34.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 Plus 7630",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 16 Plus 7640",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 24 5420 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 24 5430 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 27 7720 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 27 7730 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3020 Desktop",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3020 Small Desktop",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3030",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3030S",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.22.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 3910",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 5400/5401",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 5401 AIO",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 5410 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 5510",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.39.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 7700 All-In-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.37.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Inspiron 7710 All-in-One",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3120",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3140",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3140 2in1",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3320",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.41.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3330",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3340",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3410",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3420",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.46.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3430",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3440",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3450",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3510",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.36.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.46.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3530",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3540",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Latitude 3550",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Bill Demirkapi of the Microsoft Security Response Center for reporting this issue."
}
],
"datePublic": "2025-07-21T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access."
}
],
"value": "Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T18:32:52.672Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000300450/dsa-2025-153"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-36579",
"datePublished": "2026-04-16T16:05:32.561Z",
"dateReserved": "2025-04-15T21:30:44.885Z",
"dateUpdated": "2026-05-27T16:34:39.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32486 (GCVE-0-2025-32486)
Vulnerability from cvelistv5 – Published: 2025-09-09 16:25 – Updated: 2026-04-28 16:12- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| Hossein | Material Dashboard |
Affected:
0 , ≤ 1.4.6
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T17:49:26.251451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T18:40:58.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "material-dashboard",
"product": "Material Dashboard",
"vendor": "Hossein",
"versions": [
{
"changes": [
{
"at": "1.4.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Martino Spagnuolo (r3verii) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:38:34.670Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.\u003cp\u003eThis issue affects Material Dashboard: from n/a through \u003c= 1.4.6.\u003c/p\u003e"
}
],
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through \u003c= 1.4.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:22.677Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/material-dashboard/vulnerability/wordpress-material-dashboard-1-4-6-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress Material Dashboard plugin \u003c= 1.4.6 - Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-32486",
"datePublished": "2025-09-09T16:25:32.379Z",
"dateReserved": "2025-04-09T11:19:01.929Z",
"dateUpdated": "2026-04-28T16:12:22.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31380 (GCVE-0-2025-31380)
Vulnerability from cvelistv5 – Published: 2025-04-17 15:47 – Updated: 2026-04-28 16:12- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| videowhisper | Paid Videochat Turnkey Site |
Affected:
0 , ≤ 7.3.11
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T17:42:28.566247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:23:30.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ppv-live-webcams",
"product": "Paid Videochat Turnkey Site",
"vendor": "videowhisper",
"versions": [
{
"changes": [
{
"at": "7.3.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:36:54.380Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exploitation.\u003cp\u003eThis issue affects Paid Videochat Turnkey Site: from n/a through \u003c= 7.3.11.\u003c/p\u003e"
}
],
"value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Password Recovery Exploitation.This issue affects Paid Videochat Turnkey Site: from n/a through \u003c= 7.3.11."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "Password Recovery Exploitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:05.517Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ppv-live-webcams/vulnerability/wordpress-paid-videochat-turnkey-site-7-3-5-broken-authentication-vulnerability?_s_id=cve"
}
],
"title": "WordPress Paid Videochat Turnkey Site plugin \u003c= 7.3.11 - Broken Authentication Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31380",
"datePublished": "2025-04-17T15:47:50.544Z",
"dateReserved": "2025-03-28T10:59:17.383Z",
"dateUpdated": "2026-04-28T16:12:05.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-29995 (GCVE-0-2025-29995)
Vulnerability from cvelistv5 – Published: 2025-03-13 11:16 – Updated: 2025-03-13 19:36- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Rising Technosoft | CAP back office application |
Affected:
<2.0.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T19:36:48.723948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:36:58.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CAP back office application",
"vendor": "Rising Technosoft",
"versions": [
{
"status": "affected",
"version": "\u003c2.0.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Mohit Gadiya."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targeted users."
}
],
"value": "This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targeted users."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T11:16:26.519Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0048"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade Rising Technosoft CAP back office application to the version 2.0.4 or later.\u003cbr\u003e"
}
],
"value": "Upgrade Rising Technosoft CAP back office application to the version 2.0.4 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Account Takeover Vulnerability in CAP back office application",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2025-29995",
"datePublished": "2025-03-13T11:16:26.519Z",
"dateReserved": "2025-03-13T06:38:16.282Z",
"dateUpdated": "2025-03-13T19:36:58.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-15398 (GCVE-0-2025-15398)
Vulnerability from cvelistv5 – Published: 2025-12-31 22:02 – Updated: 2026-01-02 14:35- CWE-640 - Weak Password Recovery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.339207 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.339207 | signaturepermissions-required |
| https://vuldb.com/?submit.720129 | third-party-advisory |
| https://note-hxlab.wetolink.com/share/HG1CWbb7FVnq | related |
| https://note-hxlab.wetolink.com/share/HG1CWbb7FVn… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15398",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T14:15:52.898271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T14:35:19.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://note-hxlab.wetolink.com/share/HG1CWbb7FVnq#-span--strong-step-1--trigger-password-reset-for-victim--strong---span-"
},
{
"tags": [
"exploit"
],
"url": "https://note-hxlab.wetolink.com/share/HG1CWbb7FVnq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Token Handler"
],
"product": "badaso",
"vendor": "Uasoft",
"versions": [
{
"status": "affected",
"version": "2.9.0"
},
{
"status": "affected",
"version": "2.9.1"
},
{
"status": "affected",
"version": "2.9.2"
},
{
"status": "affected",
"version": "2.9.3"
},
{
"status": "affected",
"version": "2.9.4"
},
{
"status": "affected",
"version": "2.9.5"
},
{
"status": "affected",
"version": "2.9.6"
},
{
"status": "affected",
"version": "2.9.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hiro (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T22:02:08.542Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-339207 | Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.339207"
},
{
"name": "VDB-339207 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.339207"
},
{
"name": "Submit #720129 | badaso 2.9.7 Cryptographically Weak PRNG",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.720129"
},
{
"tags": [
"related"
],
"url": "https://note-hxlab.wetolink.com/share/HG1CWbb7FVnq"
},
{
"tags": [
"exploit"
],
"url": "https://note-hxlab.wetolink.com/share/HG1CWbb7FVnq#-span--strong-step-1--trigger-password-reset-for-victim--strong---span-"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-31T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-31T15:51:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15398",
"datePublished": "2025-12-31T22:02:08.542Z",
"dateReserved": "2025-12-31T14:46:12.996Z",
"dateUpdated": "2026-01-02T14:35:19.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14783 (GCVE-0-2025-14783)
Vulnerability from cvelistv5 – Published: 2025-12-31 06:24 – Updated: 2026-04-08 16:47- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
| Vendor | Product | Version | |
|---|---|---|---|
| smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy |
Affected:
0 , ≤ 3.6.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14783",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-31T16:25:43.153630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T16:25:51.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angus Girvan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient validation on the redirect url supplied via the \u0027edd_redirect\u0027 parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:47:21.110Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c0fb43c-f576-412e-a144-4725356ed9a0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/easy-digital-downloads/trunk/includes/users/lost-password.php#L187"
},
{
"url": "https://plugins.trac.wordpress.org/browser/easy-digital-downloads/trunk/includes/blocks/views/forms/lost-password.php#L24"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3426524/easy-digital-downloads/trunk/includes/users/lost-password.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-16T13:48:22.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-30T17:50:22.000Z",
"value": "Disclosed"
}
],
"title": "Easy Digital Downloads \u003c= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14783",
"datePublished": "2025-12-31T06:24:42.546Z",
"dateReserved": "2025-12-16T13:32:13.229Z",
"dateUpdated": "2026-04-08T16:47:21.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14696 (GCVE-0-2025-14696)
Vulnerability from cvelistv5 – Published: 2025-12-15 01:32 – Updated: 2025-12-15 19:32- CWE-640 - Weak Password Recovery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.336414 | vdb-entry |
| https://vuldb.com/?ctiid.336414 | signaturepermissions-required |
| https://vuldb.com/?submit.705601 | third-party-advisory |
| https://github.com/zhangbuneng/Sissyun-Shanghui-7… | issue-tracking |
| https://github.com/zhangbuneng/Sissyun-Shanghui-7… | exploitissue-tracking |
| Vendor | Product | Version | |
|---|---|---|---|
| Shenzhen Sixun Software | Sixun Shanghui Group Business Management System |
Affected:
4.10.24.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14696",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T19:30:22.423041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:32:29.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sixun Shanghui Group Business Management System",
"vendor": "Shenzhen Sixun Software",
"versions": [
{
"status": "affected",
"version": "4.10.24.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yaozhangYiqiyin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to weak password recovery. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T01:32:06.512Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336414 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System UpdatePasswordBatch password recovery",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.336414"
},
{
"name": "VDB-336414 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336414"
},
{
"name": "Submit #705601 | Shenzhen Sixun Software Co., Ltd. Sissyun Shanghui 7 Online Business System 4.10.24.3 Unauthorized",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.705601"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/1"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/1#issue-3688839620"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-14T13:27:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "Shenzhen Sixun Software Sixun Shanghui Group Business Management System UpdatePasswordBatch password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14696",
"datePublished": "2025-12-15T01:32:06.512Z",
"dateReserved": "2025-12-14T12:22:49.117Z",
"dateUpdated": "2025-12-15T19:32:29.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated.
Mitigation
Do not use standard weak security questions and use several security questions.
Mitigation
Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses.
Mitigation
Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record.
Mitigation
Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism.
Mitigation
Assign a new temporary password rather than revealing the original password.
CAPEC-50: Password Recovery Exploitation
An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.