CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

569 vulnerabilities with CWE-288
CVE-2025-7642 CRITICAL
Simpler Checkout 0.7.0-1.1.9 - Auth Bypass
CVSS 9.8
CVE-2025-55623 MEDIUM
Reolink v4.54.0.4.20250526 - Auth Bypass
CVSS 5.4
CVE-2025-50904 CRITICAL
WinterChenS my-site < 2025-06-11 - Unauthenticated Authentication Bypass via /admin/ API
CVSS 9.8
CVE-2025-27129 CRITICAL
Tenda AC6 V5.0 V02.03.01.110 - Auth Bypass
CVSS 9.8
CVE-2025-24496 HIGH
Tenda AC6 V5.0 V02.03.01.110 - Information Disclosure via /goform/getproductInfo
CVSS 7.5
CVE-2025-54713 CRITICAL
Taxi Booking Manager for WooCommerce <1.3.0 - Auth Bypass
CVSS 9.8
CVE-2025-52338 MEDIUM
LogicData eCommerce Framework <5.0.9.7000 - Auth Bypass
CVSS 5.3
CVE-2025-3639 LOW
Liferay Portal 7.3.0-7.4.3.132 & DXP - Unauthenticated Authentication Bypass via POST to GET
CVE-2025-8995 CRITICAL
Authenticator Login < 2.1.4 - Authentication Bypass via Alternate Path
CVSS 9.8
CVE-2025-51452 CRITICAL
TOTOLINK A7000R <9.1.0u.6115_B20201022 - Auth Bypass
CVSS 9.8
CVE-2025-40761 HIGH
Siemens RUGGEDCOM ROX - Authentication Bypass via Built-In-Self-Test Mode
CVSS 7.6
CVE-2025-40743 HIGH
SINUMERIK 828D/840D/ONE/MC Authentication Bypass via VNC Access Service
CVSS 8.3
CVE-2025-55012 HIGH
Zed < 0.197.3 Agent Panel - Permission Bypass Code Execution
CVE-2025-53187 CRITICAL
ABB ASPECT < 3.08.04-s01 - Unauthenticated Authentication Bypass via Debug Code
CVSS 9.8
CVE-2025-24000 HIGH
WPExperts Post SMTP <3.2.0 - Auth Bypass
CVSS 8.8
CVE-2025-44957 HIGH
Ruckus SmartZone < 6.1.2 - Authentication Bypass via Crafted HTTP Headers
CVSS 8.5
CVE-2025-7710 CRITICAL
Brave Conversion Engine (PRO) - Auth Bypass
CVSS 9.8
CVE-2025-6895 CRITICAL
Melapress Login Security <2.1.1 - Auth Bypass
CVSS 9.8
CVE-2025-7742 HIGH
LG Innotek camera model LNV5110R - RCE
CVE-2025-31512 HIGH
AlertEnterprise Guardian <4.1.14.2.2.1 - Auth Bypass
CVSS 7.3
CVE-2025-34143 CRITICAL
ETQ Reliance CG (legacy) < MP-4583 - Auth Bypass & RCE via SYSTEM Impersonation
CVE-2025-7692 HIGH
Orion Login with SMS <1.0.5 - Auth Bypass
CVSS 8.1
CVE-2025-7444 CRITICAL
LoginPress Pro <5.0.1 - Auth Bypass
CVSS 9.8
CVE-2025-1313 HIGH
Nokri - Job Board WordPress Theme <1.6.3 - Privilege Escalation
CVSS 8.8
CVE-2025-30026 CRITICAL
AXIS Camera Station Server - Auth Bypass
CVSS 9.8
Details
Vulnerabilities 569
Links
MITRE CWE Entry Search this CWE With Exploits