CWE-288
Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
522 vulnerabilities with CWE-288
CVE-2025-11621
HIGH
Hashicorp Vault < 1.16.27 - Authentication Bypass
CVSS 8.1
CVE-2025-60041
HIGH
Iulia Cazan Emails Catch All <3.5.3 - Auth Bypass
CVSS 8.8
CVE-2025-49901
CRITICAL
quantumcloud Simple Link Directory <14.8.1 - Auth Bypass
CVSS 9.8
CVE-2025-11534
CRITICAL
Raisecom - Unauthenticated RCE
CVE-2025-58133
MEDIUM
Zoom Rooms < 6.5.1 - Authentication Bypass
CVSS 5.3
CVE-2025-9967
CRITICAL
Orion SMS OTP Verification <1.1.7 - Privilege Escalation
CVSS 9.8
CVE-2025-10294
CRITICAL
OwnID Passwordless Login <1.3.4 - Auth Bypass
CVSS 9.8
CVE-2025-55338
MEDIUM
Windows BitLocker - Privilege Escalation
CVSS 6.1
CVE-2025-8093
HIGH
Authenticator Login < 2.1.8 - Authentication Bypass
CVSS 8.8
CVE-2025-11522
CRITICAL
Search & Go - Directory WordPress Theme <2.7 - Auth Bypass
CVSS 9.8
CVE-2025-34251
HIGH
Tesla TCU <2025.14 - Auth Bypass
CVE-2025-9914
MEDIUM
System - Info Disclosure
CVSS 4.3
CVE-2025-61673
HIGH
Karapace 5.0.0-5.0.1 - Auth Bypass
CVSS 8.6
CVE-2025-6388
CRITICAL
Spirit Framework plugin - Auth Bypass
CVSS 9.8
CVE-2025-10653
HIGH
Unspecified Product <Version> - Info Disclosure
CVSS 8.6
CVE-2025-22862
MEDIUM
Fortinet Fortios < 7.2.12 - Authentication Bypass
CVSS 6.7
CVE-2025-61733
HIGH
Apache Kylin < 5.0.3 - Authentication Bypass
CVSS 7.5
CVE-2025-10538
HIGH
LG Innotek - Auth Bypass
CVE-2025-7038
HIGH
LatePoint plugin - Auth Bypass
CVSS 8.2
CVE-2025-5955
HIGH
Service Finder SMS System <2.0.0 - Auth Bypass
CVSS 8.1
CVE-2025-10531
MEDIUM
Firefox <143 - Privilege Escalation
CVSS 5.4
CVE-2025-8359
CRITICAL
AdForest theme <6.0.9 - Auth Bypass
CVSS 9.8
CVE-2025-57819
CRITICAL
KEV
Sangoma Freepbx < 15.0.66 - SQL Injection
CVSS 9.8
CVE-2025-54738
CRITICAL
NooTheme Jobmonster <4.7.9 - Auth Bypass
CVSS 9.8
CVE-2025-54725
CRITICAL
uxper Golo <1.7.0 - Auth Bypass
CVSS 9.8
Details
Vulnerabilities
522