Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-288

CWE-288

Authentication Bypass Using an Alternate Path or Channel

Parent: CWE-306 - Missing Authentication for Critical Function

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

522 vulnerabilities with CWE-288

CVE-2025-48011 MEDIUM

One Time Password < 8.x-1.3 - Authentication Bypass

CVE-2025-48010 MEDIUM

One Time Password < 8.x-1.3 - Authentication Bypass

CVE-2025-47941 HIGH

TYPO3 <12.4.31 LTS & <13.4.2 LTS - Auth Bypass

CVE-2025-47710 HIGH

Miniorange 2fa < 5.2.0 - Authentication Bypass

CVE-2025-47707 HIGH

Miniorange 2fa < 5.2.0 - Authentication Bypass

CVE-2025-3932 MEDIUM

Thunderbird < 128.10.1, < 138.0.1 - XSS

CVE-2025-4427 MEDIUM KEV

Ivanti Endpoint Manager Mobile < 11.12.0.5 - Authentication Bypass

CVE-2025-22462 CRITICAL

Ivanti Neurons For Itsm < 2023.4 - Authentication Bypass

CVE-2025-40581 HIGH

Siemens Scalance Lpe9403 Firmware - Authentication Bypass

CVE-2025-0549 MEDIUM

GitLab CE/EE <17.9.8, <17.10.6, <17.11.2 - Auth Bypass

CVE-2025-3844 CRITICAL

PeproDev Ultimate Profile Solutions <7.5.2 - Auth Bypass

CVE-2025-45607 CRITICAL

itranswarp <2.19 - Auth Bypass

CVE-2025-1909 CRITICAL

BuddyBoss Platform Pro <2.7.01 - Auth Bypass

CVE-2025-47244 HIGH

Inedo ProGet <2024.22 - SSRF

CVE-2025-24206 HIGH

Apple Ipados < 17.7.6 - Denial of Service

CVE-2025-2492 CRITICAL

AiCloud - Auth Bypass

CVE-2025-39535 HIGH

appsbd Vitepos <3.1.7 - Auth Bypass

CVE-2025-32357 MEDIUM

Zammad < 6.4.2 - Missing Authentication

CVE-2025-31095 CRITICAL

Material Dashboard <1.4.5 - Auth Bypass

CVE-2025-22277 HIGH

appsbd Vitepos <3.1.4 - Auth Bypass

CVE-2025-24095 HIGH

Apple Ipados < 18.4 - Denial of Service

CVE-2025-31694 HIGH

Drupal TFA <1.10.0 - Auth Bypass

CVE-2025-22230 HIGH

VMware Tools for Windows - Privilege Escalation

CVE-2025-2747 CRITICAL KEV

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

CVE-2025-2746 CRITICAL KEV

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)

Previous Page 9 of 21 Next

Details

Vulnerabilities 522

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy