Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-288

CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288

CVE-2025-47710 HIGH

miniorange_2fa 5.0.0-5.1.9 - Authentication Bypass via Alternate Path

CVE-2025-47707 HIGH

miniorange_2fa 5.0.0-5.2.0 - Authentication Bypass via Alternate Path

CVE-2025-3932 MEDIUM

Thunderbird < 128.10.1, < 138.0.1 - XSS

CVE-2025-4427 MEDIUM KEV

Ivanti Endpoint Manager Mobile <= 12.5.0.0 - Unauthenticated Authentication Bypass via API

CVE-2025-22462 CRITICAL

Ivanti Neurons for ITSM < 2023.4, 2024.2, 2024.3 - Unauthenticated Authentication Bypass

CVE-2025-40581 HIGH

SCALANCE LPE9403 - Authentication Bypass via SINEMA Remote Connect Edge Client

CVE-2025-0549 MEDIUM

GitLab CE/EE <17.9.8, <17.10.6, <17.11.2 - Auth Bypass

CVE-2025-3844 CRITICAL

PeproDev Ultimate Profile Solutions <7.5.2 - Auth Bypass

CVE-2025-45607 CRITICAL

itranswarp v2.19 - Authentication Bypass via /manage/ Request

CVE-2025-1909 CRITICAL

BuddyBoss Platform Pro <2.7.01 - Auth Bypass

CVE-2025-47244 HIGH

ProGet >=5 <2024.22 - Unauthenticated Denial of Service via C# Reflection Layer

CVE-2025-24206 HIGH

iPadOS < 17.7.6 - Authentication Bypass via Improved State Management

CVE-2025-2492 CRITICAL

ASUS Router AiCloud - Authentication Bypass via Crafted Request

CVE-2025-39535 HIGH

appsbd Vitepos <3.1.7 - Auth Bypass

CVE-2025-32357 MEDIUM

Zammad 6.4.0-6.4.1 - Authenticated Unauthorized Knowledge Base Content Access via API

CVE-2025-31095 CRITICAL

Material Dashboard <1.4.5 - Auth Bypass

CVE-2025-22277 HIGH

appsbd Vitepos <3.1.4 - Auth Bypass

CVE-2025-24095 HIGH

iPadOS < 18.4 - Authentication Bypass via Privacy Preferences

CVE-2025-31694 HIGH

Drupal Two-factor Authentication < 1.10.0 - Authentication Bypass via Forceful Browsing

CVE-2025-22230 HIGH

VMware Tools for Windows - Privilege Escalation

CVE-2025-2747 CRITICAL KEV

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

CVE-2025-2746 CRITICAL KEV

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)

CVE-2025-30112 HIGH

70mai Dash Cam 1S - Unauthenticated Authentication Bypass via Direct Network API Access

CVE-2025-2080 CRITICAL

Optigo Networks Visual BACnet Capture Tool/Optigo Visual Networks C...

CVE-2025-29996 HIGH

Rising Technosoft CAP back office application < 2.0.4 - Two-Factor Authentication Bypass via API Request Manipulation

Previous Page 11 of 23 Next

Details

Vulnerabilities 569

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy