Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-288

CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

568 vulnerabilities with CWE-288

CVE-2026-27707 HIGH

Seerr 2.0.0-3.0.9 - Unauthenticated Account Registration via Jellyfin Authentication Bypass

CVE-2026-22205 HIGH

SPIP < 4.4.10 - Unauthenticated Authentication Bypass via PHP Type Juggling

CVE-2026-1241 HIGH

Pelco Sarix Professional 3 Series - Auth Bypass

CVE-2026-1779 HIGH

WordPress User Registration & Membership <=5.1.2 - Auth Bypass

CVE-2026-1747 MEDIUM

GitLab 17.11-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Authenticated Privilege Escalation via Conan Package Modification

CVE-2026-27611 MEDIUM

FileBrowser Quantum <1.1.3/1.2.6 - Auth Bypass

CVE-2026-2791 CRITICAL

Firefox <148 & ESR <140.8 - Auth Bypass

CVE-2026-2784 CRITICAL

Firefox < 148.0 and < 140.8.0 - Authentication Bypass via DOM Security Mitigation

CVE-2026-2775 CRITICAL

Firefox <115.33.0, 115.33-115.*, <148.0, >=148; Thunderbird <140.8.0, 140.8-140.*, >=148 - Authentication Bypass

CVE-2026-22341 MEDIUM

Case-Themes Booked <=3.0.0 - Auth Bypass

CVE-2026-2540 HIGH

Micca Car Alarm System KE700 - Authentication Bypass via Replay Attack

CVE-2026-1618 HIGH

Universal Software Inc. FlexCity/Kiosk <1.0.36 - Privilege Escalation

CVE-2026-1603 HIGH KEV

Ivanti Endpoint Manager < 2024 SU5 - Unauthenticated Credential Data Leak

CVE-2026-2096 CRITICAL

Agentflow - Unauthenticated Database Manipulation via Missing Authentication

CVE-2026-2095 CRITICAL

Flowring Agentflow - Unauthenticated Authentication Bypass via Arbitrary Token Generation

CVE-2026-0948 MEDIUM

Drupal Microsoft Entra ID SSO Login < 1.0.4 - Authentication Bypass via Alternate Path

CVE-2026-24858 CRITICAL KEV

Fortinet FortiAnalyzer 7.0.0-7.0.15, 7.2.0-7.2.11, 7.4.0-7.4.9, 7.6.0-7.6.5 - Authentication Bypass via FortiCloud SSO

CVE-2026-23760 CRITICAL KEV

SmarterTools SmarterMail <9511 - Auth Bypass

CVE-2026-22037 HIGH

@fastify/express <4.0.3 - Auth Bypass

CVE-2026-21411 HIGH

OpenBlocks IoT DX1/EX/BX/IX9/VX2/IDM RX1 < FW5.0.8 - Unauthenticated Authentication Bypass

CVE-2025-41273 CRITICAL

Waterfall WF-500 < 7.9.1.0 R2502171040 - Authentication Bypass Using an Alternate Path or Channel

CVE-2025-68711 LOW

AppLockZ App Lock and Fingerprint Lock 4.2.11 - Unauthenticated PIN Lock Bypass via Insecure Navigation

CVE-2025-68708 LOW

SailingLab AppLock 4.3.8 - Unauthenticated PIN Lock Bypass via Insecure Intent Navigation

CVE-2025-68710 LOW

Easyelife App lock 1.9.2 - Unauthenticated PIN Lock Bypass via Insecure Navigation Flows

CVE-2025-70082 CRITICAL

Lantronix EDS3000PS 3.1.0.0R2 - Code Injection

Previous Page 5 of 23 Next

Details

Vulnerabilities 568

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy