CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2025-1315 CRITICAL
Sfwebservice Injob < 3.5.1 - Missing Authentication
CVSS 9.8
CVE-2025-0749 HIGH
Homey < 2.4.3 - Unauthenticated Authentication Bypass via Empty Verification ID
CVSS 8.1
CVE-2025-1515 CRITICAL
WP Real Estate Manager <2.8 - Auth Bypass
CVSS 9.8
CVE-2025-27658 CRITICAL
Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - Authentication Bypass
CVSS 9.8
CVE-2025-24846 HIGH
FutureNet AS-250 < 1.14.0 - Authentication Bypass via Crafted Request
CVSS 7.5
CVE-2025-1671 CRITICAL
Academist Membership <1.1.6 - Privilege Escalation
CVSS 9.8
CVE-2025-1638 CRITICAL
Alloggio Membership <1.0.2 - Auth Bypass
CVSS 9.8
CVE-2025-1564 CRITICAL
SetSail Membership <1.0.3 - Auth Bypass
CVSS 9.8
CVE-2025-0159 CRITICAL
IBM Storage Virtualize Unauthenticated Authentication Bypass via RPCAdapter Endpoint
CVSS 9.1
CVE-2025-1739 HIGH
Trivision Camera NC227WF v5.8.0 - Auth Bypass
CVSS 7.1
CVE-2025-1717 HIGH
Login Me Now < 1.7.2 - Unauthenticated Authentication Bypass via Arbitrary Transient Name
CVSS 8.1
CVE-2025-26966 CRITICAL
Aldo Latino PrivateContent <8.11.5 - Auth Bypass
CVSS 9.8
CVE-2025-26700 MEDIUM
RoboForm Password Manager <9.7.4 - Auth Bypass
CVSS 5.2
CVE-2025-1283 CRITICAL
Dingtian DT-R0 Series - Auth Bypass
CVSS 9.8
CVE-2025-24472 HIGH KEV
FortiProxy 7.0.0-7.0.19 and FortiOS 7.0.0-7.0.16 - Unauthenticated Authentication Bypass via CSF Proxy Requests
CVSS 8.1
CVE-2025-0181 CRITICAL
WP Foodbakery <4.7 - Privilege Escalation
CVSS 9.8
CVE-2025-0316 CRITICAL
WP Directorybox Manager <2.5 - Auth Bypass
CVSS 9.8
CVE-2025-1061 CRITICAL
Nextend Social Login Pro <3.1.16 - Auth Bypass
CVSS 9.8
CVE-2025-0674 CRITICAL
Elber Signum DVB-S/S2 IRD < 1.999 - Authentication Bypass via Password Management Endpoint
CVSS 9.8
CVE-2025-23217 HIGH
mitmproxy < 11.1.2 - Server-Side Request Forgery via Proxy to Internal API
CVE-2025-0364 CRITICAL
BigAntSoft BigAnt Server <5.6.06 - RCE
CVSS 9.8
CVE-2025-24456 MEDIUM
JetBrains Hub < 2024.3.55417 - Privilege Escalation via LDAP Authentication Mapping
CVSS 6.7
CVE-2024-44286 HIGH
macOS < 15.1 - Authentication Bypass via Keyboard Events on Locked Device
CVSS 7.5
CVE-2024-26009 HIGH
Fortinet Fortiswitchmanager < 7.0.4 - Authentication Bypass
CVSS 8.1
CVE-2024-33939 MEDIUM
Masteriyo - LMS <1.7.3 - Auth Bypass
CVSS 5.3
Details
Vulnerabilities 569
Links
MITRE CWE Entry Search this CWE With Exploits