CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

521 vulnerabilities with CWE-288
CVE-2025-14714 MEDIUM
LibreOffice - Auth Bypass
CVSS 6.5
CVE-2025-11984 MEDIUM
GitLab CE/EE <18.4.6-18.6.2 - Auth Bypass
CVSS 6.8
CVE-2025-67507 HIGH
Filament < 4.3.1 - Authentication Bypass
CVSS 8.1
CVE-2025-66200 MEDIUM
Apache HTTP Server <2.4.66 - Auth Bypass
CVSS 5.4
CVE-2025-66238 HIGH
DCIM dcTrack - SSRF
CVSS 7.2
CVE-2025-13539 CRITICAL
FindAll Membership <1.0.4 - Auth Bypass
CVSS 9.8
CVE-2025-10571 CRITICAL
ABB Ability Edgenius <3.2.1.1 - Auth Bypass
CVSS 9.6
CVE-2025-63217 CRITICAL
Itel DAB MUX - Auth Bypass
CVSS 9.8
CVE-2025-12760 MEDIUM
Drupal Email TFA <2.0.6 - Auth Bypass
CVSS 5.4
CVE-2025-64530 HIGH
Apollo Federation <2.9.5-2.12.1 - Auth Bypass
CVSS 7.5
CVE-2025-59367 CRITICAL
Asus Dsl-ac51 Firmware < 1.1.2.3_1010 - Missing Authentication
CVSS 9.8
CVE-2025-64281 CRITICAL
Centralsquare Community Development - Authentication Bypass
CVSS 9.8
CVE-2025-13018 HIGH
Firefox < 145 - Firefox ESR < 140.5 - Thunderbird < 145 - Thunderbi...
CVSS 8.1
CVE-2025-13013 MEDIUM
Firefox < 145 - Firefox ESR < 140.5-115.30 - Mitigation Bypass
CVSS 6.1
CVE-2025-12445 MEDIUM
Google Chrome <142.0.7444.59 - CSRF
CVSS 6.5
CVE-2025-12431 MEDIUM
Google Chrome <142.0.7444.59 - Auth Bypass
CVSS 6.5
CVE-2025-64173 HIGH
Apollo Router Core <2.8.1-rc.0 - Info Disclosure
CVSS 7.5
CVE-2025-62064 CRITICAL
Elated-Themes Search & Go <2.7 - Auth Bypass
CVSS 9.8
CVE-2025-59392 MEDIUM
Elspec G5 <1.2.2.19 - Privilege Escalation
CVSS 6.8
CVE-2025-43436 HIGH
tvOS 26.1- iPadOS 26.1 - Info Disclosure
CVSS 7.5
CVE-2025-43422 MEDIUM
iOS <26.1 - Info Disclosure
CVSS 4.6
CVE-2025-5397 CRITICAL
Noo JobMonster <4.8.1 - Auth Bypass
CVSS 9.8
CVE-2025-12466 HIGH
Simple Oauth < 6.0.7 - Authentication Bypass
CVSS 7.5
CVE-2025-9313 CRITICAL
Asseco mMedica <11.9.5 - Info Disclosure
CVE-2025-11621 HIGH
Hashicorp Vault < 1.16.27 - Authentication Bypass
CVSS 8.1
Details
Vulnerabilities 521
Links
MITRE CWE Entry Search this CWE With Exploits