CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2024-28200 CRITICAL
N-able N-central < 2024.2 - Authentication Bypass Detection
CVSS 9.1
CVE-2024-2973 CRITICAL
Juniper Networks Session Smart Router - Auth Bypass
CVSS 10.0
CVE-2024-31916 HIGH
IBM OpenBMC FW1050.00-FW1050.10 - Info Disclosure
CVSS 7.5
CVE-2024-5432 CRITICAL
Lifeline Donation < 1.2.6 - Unauthenticated Authentication Bypass via Checkout
CVSS 9.8
CVE-2024-37893 MEDIUM
Firefly III < 6.1.17 - MFA Bypass via OAuth Flow
CVSS 5.9
CVE-2024-3496 HIGH
Toshiba Tec e-Studio multi-function peripheral (MFP) - Authentication Bypass via Web Login
CVSS 8.8
CVE-2024-38279 MEDIUM
Motorola Vigilant Fixed LPR COMS Box Firmware <= 3.1.171.9 - Authentication Bypass
CVSS 4.6
CVE-2024-2013 CRITICAL
HitachiEnergy FOXMAN-UN/UNEM - Unauthenticated Authentication Bypass in API Gateway
CVSS 10.0
CVE-2024-2012 CRITICAL
HitachiEnergy FOXMAN-UN/UNEM - Authentication Bypass and Remote Code Execution
CVSS 9.1
CVE-2024-4552 CRITICAL
Social Login Lite For WooCommerce <1.6.0 - Auth Bypass
CVSS 9.8
CVE-2024-36042 CRITICAL
Silverpeas < 6.3.5 - Authentication Bypass via Omitted Password Field
CVSS 9.8
CVE-2024-36470 HIGH
JetBrains TeamCity <2022.04.7,2022.10.6,2023.05.6,2023.11.5 - Auth ...
CVSS 8.1
CVE-2024-5204 HIGH
Swiss Toolkit For WP <1.0.7 - Auth Bypass
CVSS 8.8
CVE-2024-5150 CRITICAL
WordPress Login with phone number <1.7.26 - Auth Bypass
CVSS 9.8
CVE-2024-4544 CRITICAL
The Pie Register - Social Sites Login (Add on) <1.7.7 - Auth Bypass
CVSS 9.8
CVE-2024-29853 HIGH
Veeam Agent for Microsoft Windows - Privilege Escalation
CVSS 7.8
CVE-2024-4393 CRITICAL
Social Connect <= 1.2 - Unauthenticated Authentication Bypass via OpenID Verification
CVSS 9.8
CVE-2024-4186 CRITICAL
WordPress Build App Online <3.0.5 - Auth Bypass
CVSS 9.8
CVE-2024-34524 CRITICAL
XLANG OpenAgents <fe73ac4 - Info Disclosure
CVSS 9.1
CVE-2024-31463 MEDIUM
Ironic-image <24.1.1 - Missing Authentication on Ironic API in Reverse Proxy Mode
CVSS 4.7
CVE-2024-1646 HIGH
lollms-webui < 9.3 - Unauthenticated Authentication Bypass via Host Parameter Check
CVSS 8.2
CVE-2024-31814 HIGH
TOTOLINK EX200 V4.0.3c.7646_B20201211 - Auth Bypass
CVSS 8.8
CVE-2024-26566 HIGH
Cute Http File Server <3.1 - Privilege Escalation
CVSS 8.2
CVE-2024-2056 CRITICAL
Artica Proxy - Unauthenticated Arbitrary File Read via Exposed Tailon Service
CVSS 9.8
CVE-2024-2055 CRITICAL
Artica Proxy - Privilege Escalation
CVSS 9.8