CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

521 vulnerabilities with CWE-288
CVE-2026-22037 HIGH
@fastify/express <4.0.3 - Auth Bypass
CVSS 8.4
CVE-2026-21411 HIGH
OpenBlocks <FW5.0.8 - Auth Bypass
CVSS 8.8
CVE-2025-70082 CRITICAL
Lantronix EDS3000PS 3.1.0.0R2 - Code Injection
CVSS 9.8
CVE-2025-67041 CRITICAL
Lantronix EDS3000PS 3.1.0.0R2 - Command Injection
CVSS 9.8
CVE-2025-67039 CRITICAL
Lantronix EDS3000PS 3.1.0.0R2 - Auth Bypass
CVSS 9.1
CVE-2025-69985 CRITICAL
FUXA <=1.2.8 - Auth Bypass to RCE
CVSS 9.8
CVE-2025-68895 MEDIUM
AhaChat Messenger Marketing <=1.1 - Auth Bypass
CVSS 6.5
CVE-2025-67998 HIGH
Miraculous Elementor <=2.0.7 - Auth Bypass
CVSS 8.8
CVE-2025-13986 MEDIUM
Zyxware Disable Login Page < 1.1.3 - Authentication Bypass
CVSS 4.2
CVE-2025-13980 MEDIUM
Cksource Ckeditor 5 Premium Features < 1.2.10 - Authentication Bypass
CVSS 5.3
CVE-2025-21589 CRITICAL
Juniper Networks Session Smart Router <5.6.17-6.1.12-lts-6.2.8-lts-...
CVSS 9.8
CVE-2025-69101 CRITICAL
AmentoTech Workreap Core <3.4.0 - Auth Bypass
CVSS 9.8
CVE-2025-10484 CRITICAL
WooCommerce <1.3.1 - Auth Bypass
CVSS 9.8
CVE-2025-68707 HIGH
Tongyu AX1800 Wi-Fi 6 Router 1.0.0 - Auth Bypass
CVSS 8.8
CVE-2025-46286 MEDIUM
iOS <26.2 - Info Disclosure
CVSS 4.3
CVE-2025-67070 HIGH
Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T - Auth Bypass
CVSS 8.2
CVE-2025-67282 MEDIUM
TIM BPM Suite/TIM FLOW <9.1.2 - Privilege Escalation
CVSS 5.4
CVE-2025-67915 HIGH
Arraytics Timetics <1.0.47 - Auth Bypass
CVSS 8.8
CVE-2025-23504 CRITICAL
RiceTheme Felan Framework <1.1.4 - Auth Bypass
CVSS 9.8
CVE-2025-3652 MEDIUM
Petlibro < 1.7.31 - Information Disclosure
CVSS 5.3
CVE-2025-64121 CRITICAL
Nuvation Energy MSC <2.5.1 - Auth Bypass
CVSS 9.8
CVE-2025-68620 CRITICAL
Signal K Server <2.19.0 - Auth Bypass
CVSS 9.1
CVE-2025-15102 CRITICAL
DVP-12SE11T - Privilege Escalation
CVSS 9.1
CVE-2025-68860 CRITICAL
Mobile builder <1.4.2 - Auth Bypass
CVSS 9.8
CVE-2025-64236 CRITICAL
AmentoTech Tuturn <3.6 - Auth Bypass
CVSS 9.8
Details
Vulnerabilities 521
Links
MITRE CWE Entry Search this CWE With Exploits