CWE-288
Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
437 vulnerabilities with CWE-288
CVE-2026-30777
MEDIUM
EC-CUBE - Auth Bypass
CVSS 4.9
CVE-2026-27390
HIGH
WeDesignTech Ultimate Booking Addon <=1.0.1 - Auth Bypass
CVSS 8.8
CVE-2026-27389
CRITICAL
WeDesignTech Ultimate Booking Addon <=1.0.1 - Auth Bypass
CVSS 9.8
CVE-2026-20079
CRITICAL
Cisco Secure FMC - Auth Bypass
CVSS 10.0
CVE-2026-2628
CRITICAL
All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <2.2.5 - A...
CVSS 9.8
CVE-2026-28411
CRITICAL
WeGIA <3.6.5 - Auth Bypass
CVSS 9.8
CVE-2026-27707
HIGH
Seerr 2.0.0-3.1.0 - Auth Bypass
CVSS 7.3
CVE-2026-22205
HIGH
SPIP <4.4.10 - Auth Bypass
CVSS 7.5
CVE-2026-1241
Pelco Sarix Professional 3 Series - Auth Bypass
CVE-2026-1779
HIGH
WordPress User Registration & Membership <=5.1.2 - Auth Bypass
CVSS 8.1
CVE-2026-1747
MEDIUM
GitLab EE - Privilege Escalation
CVSS 4.3
CVE-2026-27611
MEDIUM
FileBrowser Quantum <1.1.3/1.2.6 - Auth Bypass
CVSS 6.5
CVE-2025-69985
CRITICAL
FUXA <=1.2.8 - Auth Bypass to RCE
CVSS 9.8
CVE-2026-2791
CRITICAL
Firefox <148 & ESR <140.8 - Auth Bypass
CVSS 9.8
CVE-2026-2784
CRITICAL
Firefox <148 - Auth Bypass
CVSS 9.8
CVE-2026-2775
CRITICAL
Firefox <148 - Auth Bypass
CVSS 9.8
CVE-2026-22341
MEDIUM
Case-Themes Booked <=3.0.0 - Auth Bypass
CVSS 5.4
CVE-2025-68895
MEDIUM
AhaChat Messenger Marketing <=1.1 - Auth Bypass
CVSS 6.5
CVE-2025-67998
HIGH
Miraculous Elementor <=2.0.7 - Auth Bypass
CVSS 8.8
CVE-2026-2540
Micca KE700 - Replay Attack
CVE-2026-1618
HIGH
Universal Software Inc. FlexCity/Kiosk <1.0.36 - Privilege Escalation
CVSS 8.8
CVE-2020-37156
MEDIUM
BloodX 1.0 - Auth Bypass
CVSS 6.5
CVE-2026-1603
HIGH
Ivanti Endpoint Manager < 2024 - Authentication Bypass
CVSS 8.6
CVE-2026-2096
CRITICAL
Agentflow - Auth Bypass
CVSS 9.8
CVE-2026-2095
CRITICAL
Agentflow - Auth Bypass
CVSS 9.8
Details
Vulnerabilities
437