CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2024-12225 CRITICAL
Quarkus < 3.15.3.1 - Authentication Bypass via Default WebAuthn REST Endpoints
CVSS 9.1
CVE-2024-42178 LOW
HCL MyXalytics - Unauthenticated Information Disclosure via Unrestricted URL Access
CVSS 2.5
CVE-2024-13553 CRITICAL
SMS Alert Order Notifications < 3.7.9 - Unauthenticated Privilege Escalation via Host Header Spoofing
CVSS 9.8
CVE-2024-56325 CRITICAL
Apache Pinot < 1.3.0 - Authentication Bypass via Path Manipulation
CVSS 9.8
CVE-2024-13442 CRITICAL
Service Finder Bookings <5.0 - Privilege Escalation
CVSS 9.8
CVE-2024-13772 MEDIUM
Civi WordPress Theme <= 2.1.6.1 - Unauthenticated Authentication Bypass via Social Login
CVSS 5.6
CVE-2024-13771 CRITICAL
Civi WordPress Theme <= 2.1.4 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2024-11286 CRITICAL
Chimpgroup Jobcareer < 7.1 - Authentication Bypass
CVSS 9.8
CVE-2024-13446 CRITICAL
Workreap plugin <3.2.5 - Privilege Escalation
CVSS 9.8
CVE-2024-9658 HIGH
School Management System for Wordpress < 93.0.0 - Authenticated Privilege Escalation via User Detail Update Functions
CVSS 8.8
CVE-2024-13182 CRITICAL
WP Directorybox Manager <2.5 - Auth Bypass
CVSS 9.8
CVE-2024-12857 CRITICAL
AdForest < 5.1.8 - Unauthenticated Authentication Bypass via OTP Login
CVSS 9.8
CVE-2024-13181 HIGH
Ivanti Avalanche <6.4.7 - Path Traversal
CVSS 7.3
CVE-2024-13179 HIGH
Ivanti Avalanche <6.4.7 - Path Traversal
CVSS 7.3
CVE-2024-55591 CRITICAL KEV
FortiProxy 7.0.0-7.0.19 and 7.2.0-7.2.12 - Authentication Bypass via Node.js Websocket Module
CVSS 9.8
CVE-2024-12402 CRITICAL
Themes Coder - Privilege Escalation
CVSS 9.8
CVE-2024-56044 CRITICAL
VibeThemes WPLMS < 1.9.9 - Unauthenticated Authentication Bypass via Alternate Path
CVSS 9.8
CVE-2024-51464 MEDIUM
IBM i 7.3-7.5 - Authenticated Authentication Bypass via Navigator for i Interface
CVSS 4.3
CVE-2024-11349 CRITICAL
AdForest theme <5.1.6 - Auth Bypass
CVSS 9.8
CVE-2024-43234 CRITICAL
Woffice < 5.4.14 - Unauthenticated Authentication Bypass
CVSS 9.8
CVE-2024-56013 HIGH
Wovax IDX <= 1.2.2 - Authentication Bypass
CVSS 8.8
CVE-2024-54336 HIGH
Projectopia <= 5.1.7 - Authentication Bypass via Alternate Path
CVSS 8.8
CVE-2024-54297 CRITICAL
www.vbsso.com vBSSO-lite - Auth Bypass
CVSS 9.8
CVE-2024-54296 CRITICAL
CoSchool LMS <= 1.4.3 - Authentication Bypass
CVSS 9.8
CVE-2024-54295 CRITICAL
InspireUI ListApp Mobile Manager <1.7.7 - Auth Bypass
CVSS 9.8