CVE-2024-38437
9.8CRITICAL
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel
7/21/2024CWE-288, CWE-306
CVE-2024-55591
9.8CRITICAL
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 ...
1/14/2025CWE-288
CVE-2025-24472
8.1HIGH
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote ...
2/11/2025CWE-288
CVE-2025-22862
6.7MEDIUM
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 thr
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 thr...
10/2/2025CWE-288
CVE-2025-15102
9.1CRITICAL
DVP-12SE11T - Password Protection Bypass
DVP-12SE11T - Password Protection Bypass
12/30/2025CWE-288
CVE-2024-26009
8.1HIGH
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 th
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 th...
8/12/2025CWE-288
CVE-2025-10653
8.6HIGH
An unauthenticated debug port may allow access to the device file system.
An unauthenticated debug port may allow access to the device file system.
10/2/2025CWE-288
CVE-2024-23917
9.8CRITICAL
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
2/6/2024CWE-288, CWE-306
CVE-2025-24456
6.7MEDIUM
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
1/21/2025CWE-288, CWE-306
CVE-2025-30026
NONE
The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required.
The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required.
7/11/2025CWE-288
CVE-2025-46412
9.8CRITICAL
Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication.
Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication.
5/21/2025CWE-288
CVE-2024-27198
9.8CRITICAL
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
3/4/2024CWE-288
CVE-2025-10531
5.4MEDIUM
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox < 143 and Thunderbird < 143.
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox < 143 and Thunderbird < 143.
9/16/2025CWE-288
CVE-2024-29853
7.8HIGH
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.
An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.
5/22/2024CWE-288
CVE-2023-42793
9.8CRITICAL
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
9/19/2023CWE-288, CWE-306
CVE-2024-13179
7.3HIGH
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
1/14/2025CWE-22, CWE-288 +1
CVE-2024-47010
7.3HIGH
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
10/8/2024CWE-22, CWE-288 +1
CVE-2024-47009
7.3HIGH
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
10/8/2024CWE-22, CWE-288 +1
CVE-2025-45607
9.8CRITICAL
An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request.
An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request.
5/5/2025CWE-288
CVE-2024-31814
8.8HIGH
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
4/8/2024CWE-288
CVE-2019-5455
6.8MEDIUM
Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.
Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.
7/30/2019CWE-288, CWE-287
CVE-2025-48904
4.4MEDIUM
Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability.
Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability.
6/6/2025CWE-288
CVE-2024-11981
7.5HIGH
Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.
Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.
11/29/2024CWE-288
CVE-2021-43985
9.1CRITICAL
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.
12/23/2021CWE-288
CVE-2025-64281
9.8CRITICAL
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
11/12/2025CWE-288
CVE-2025-30184
9.8CRITICAL
CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
6/9/2025CWE-288
CVE-2018-5386
7.5HIGH
Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak.
Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak.
7/24/2018CWE-288, CWE-200
CVE-2025-13018
8.1HIGH
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
11/11/2025CWE-288
CVE-2025-48926
4.3MEDIUM
The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.
The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.
5/28/2025CWE-288
CVE-2025-27658
9.8CRITICAL
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Authentication Bypass OVE-20230524-0001.
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Authentication Bypass OVE-20230524-0001.
3/5/2025CWE-288
CVE-2025-26966
9.8CRITICAL
Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.
Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.
2/25/2025CWE-288
CVE-2024-41173
7.8HIGH
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.
8/27/2024CWE-288
CVE-2024-36042
9.8CRITICAL
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
6/3/2024CWE-288
CVE-2024-11639
10.0CRITICAL
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
12/10/2024CWE-288, CWE-306
CVE-2022-27510
9.8CRITICAL
Unauthorized access to Gateway user capabilities
Unauthorized access to Gateway user capabilities
11/8/2022CWE-288, CWE-287
CVE-2022-1681
7.2HIGH
Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions
Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions
5/12/2022CWE-288, CWE-287
CVE-2018-19000
5.3MEDIUM
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.
2/5/2019CWE-288, CWE-287
CVE-2025-64236
9.8CRITICAL
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.
12/18/2025CWE-288
CVE-2025-11534
NONE
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.
10/21/2025CWE-288
CVE-2025-51452
9.8CRITICAL
In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
8/13/2025CWE-288
CVE-2024-26566
8.2HIGH
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.
3/7/2024CWE-288
CVE-2024-21491
5.9MEDIUM
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker ca
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker ca...
2/13/2024CWE-288, CWE-347 +1
CVE-2025-67915
9.8CRITICAL
Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46.
Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46.
1/8/2026CWE-288
CVE-2026-21411
8.8HIGH
Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.
Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.
1/6/2026CWE-288
CVE-2025-54738
9.8CRITICAL
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9.
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9.
8/28/2025CWE-288
CVE-2025-54725
9.8CRITICAL
Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0.
Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0.
8/28/2025CWE-288
CVE-2025-55623
5.4MEDIUM
An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).
An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).
8/22/2025CWE-288
CVE-2025-39535
7.2HIGH
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.7.
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.7.
4/17/2025CWE-288
CVE-2025-22277
8.8HIGH
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.4.
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.4.
4/1/2025CWE-288
CVE-2024-43234
9.8CRITICAL
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14.
12/16/2024CWE-288
表示中 50 / many CVE