Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-288

CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288

CVE-2024-27198 CRITICAL KEV

TeamCity < 2023.11.4 - Authentication Bypass

CVE-2024-1525 MEDIUM

GitLab CE/EE <16.7.6-16.8.3-16.9.1 - Auth Bypass

CVE-2024-1709 CRITICAL KEV

ConnectWise ScreenConnect < 23.9.8 - Authentication Bypass

CVE-2024-21491 MEDIUM

svix-webhooks < 1.17.0 - Authentication Bypass via Signature Length Mismatch

CVE-2024-23917 CRITICAL

JetBrains TeamCity > 2023.11.3 - Authentication Bypass

CVE-2023-49564 HIGH

Nokia CBIS/NCS - Unauthenticated Authentication Bypass via Crafted HTTP Header

CVE-2023-37057 CRITICAL

Jlink AX1800 1.0 - Remote Code Execution via Authentication Mechanism

CVE-2023-50915 MEDIUM

GOG Galaxy (Beta) <2.0.71.2 - Privilege Escalation

CVE-2023-50272 HIGH

HPE Integrated Lights-Out 5 2.63-3.00 and iLO 6 1.05-1.55 - Authentication Bypass

CVE-2023-6718 CRITICAL

Repox - Unauthenticated User Creation and Modification via Crafted POST Request

CVE-2023-2437 CRITICAL

UserPro < 5.1.1 - Unauthenticated Authentication Bypass via Facebook Login

CVE-2023-42770 CRITICAL

Redlioncontrols St-ipm-6350 Firmware - Missing Authentication

CVE-2023-3277 CRITICAL

MStore API < 4.10.7 - Unauthenticated Account Access and Privilege Escalation via Apple Login Feature

CVE-2023-41351 CRITICAL

Chunghwa Telecom NOKIA G-040W-Q - Auth Bypass

CVE-2023-20247 MEDIUM

Cisco Adaptive Security Appliance Software - Authentication Bypass via Remote Access SSL VPN

CVE-2023-46747 CRITICAL KEV

F5 BIG-IP 13.1.0-13.1.4 - Unauthenticated Remote Command Execution via Configuration Utility Bypass

CVE-2023-39930 HIGH

PingID Radius PCV 3.0.0-3.0.3 - Unauthenticated First-Factor Authentication Bypass via Malicious RADIUS Client Request

CVE-2023-39231 HIGH

PingFederate PingOne MFA Integration Kit - Missing Authentication for MFA Device Pairing

CVE-2023-43045 MEDIUM

IBM Sterling Partner Engagement Manager <6.2.2 - Privilege Escalation

CVE-2023-46319 HIGH

WALLIX Bastion <9.0.9, <10.0.5 - Info Disclosure

CVE-2023-4957 MEDIUM

Zebra ZT410 Firmware - Authentication Bypass via setvarsResults.cgi POST Request

CVE-2023-42771 HIGH

FurunoSystems ACERA 1310 and 1320 Firmware < 01.26 - Unauthenticated Authentication Bypass

CVE-2023-1260 HIGH

kube-apiserver - Authentication Bypass via Ephemeral Containers Subresource

CVE-2023-42793 CRITICAL KEV

JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution

CVE-2023-4702 CRITICAL

Yepas Digital Yepas < 1.0.1 - Authentication Bypass

Previous Page 18 of 23 Next

Details

Vulnerabilities 569

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy