
CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 435

435 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-40630 | SenseLive X3050 Authentication bypass using an alternate path or channel — X3050 | 9.8 | Critical | 2026-04-23 |
| CVE-2026-41059 | OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex — oauth2-proxy | 8.2 | High | 2026-04-21 |
| CVE-2026-40582 | ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout — CRM | 9.8 (AI) | Critical (AI) | 2026-04-17 |
| CVE-2026-3605 | Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service — Vault | 8.1 | High | 2026-04-17 |
| CVE-2026-3324 | Authentication Bypass — ManageEngine Log360 | 8.2 | High | 2026-04-16 |
| CVE-2026-3461 | Visa Acceptance Solutions <= 2.1.0 - Unauthenticated Authentication Bypass via Billing Email — Visa Acceptance Solutions | 9.8 | Critical | 2026-04-15 |
| CVE-2026-35664 | OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks — OpenClaw | 5.3 | Medium | 2026-04-10 |
| CVE-2026-35661 | OpenClaw < 2026.3.25 - Telegram DM-Scoped Inline Button Callback Authorization Bypass — OpenClaw | 5.3 | Medium | 2026-04-10 |
| CVE-2026-35654 | OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke — OpenClaw | 5.3 | Medium | 2026-04-10 |
| CVE-2026-35647 | OpenClaw < 2026.3.25 - Direct Message Policy Bypass via Verification Notices — OpenClaw | 5.3 | Medium | 2026-04-10 |
| CVE-2026-35642 | OpenClaw < 2026.3.25 - Authorization Bypass in Group Reactions via requireMention Bypass — OpenClaw | 4.3 | Medium | 2026-04-09 |
| CVE-2026-35634 | OpenClaw < 2026.3.23 - Authentication Bypass via Local-Direct Requests in Canvas Gateway — OpenClaw | 5.1 | Medium | 2026-04-09 |
| CVE-2026-5557 | badlogic pi-mono pi-mom Slack Bot slack.ts authentication bypass — pi-mono | 6.3 | Medium | 2026-04-05 |
| CVE-2026-34581 | goshs has Auth Bypass via Share Token — goshs | 8.1 | High | 2026-04-02 |
| CVE-2026-29139 | GINA State Confusion Account Takeover — Secure Email Gateway | 9.8 (AI) | Critical (AI) | 2026-04-02 |
| CVE-2026-34372 | Sulu checks fix permissions for subentities endpoints — sulu | 4.3 | - | 2026-03-31 |
| CVE-2026-34040 | Moby: AuthZ plugin bypass with oversized request body — moby | 8.8 | High | 2026-03-31 |
| CVE-2026-32678 | BUFFALO Wi-Fi router security vulnerability — BUFFALO Wi-Fi router products | 8.8 | - | 2026-03-27 |
| CVE-2026-3531 | OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026 — OpenID Connect / OAuth client | 9.8 (AI) | Critical (AI) | 2026-03-26 |
| CVE-2026-2745 | Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab | 6.8 | Medium | 2026-03-25 |
| CVE-2026-27049 | WordPress Jobica Core plugin <= 1.4.2 - Account Takeover vulnerability — Jobica Core | 9.8 | Critical | 2026-03-25 |
| CVE-2026-25406 | WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability — Tutor LMS Pro | 8.1 | High | 2026-03-25 |
| CVE-2026-25357 | WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability — Ultimate Membership Pro | 8.1 | High | 2026-03-25 |
| CVE-2026-25035 | WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability — Contest Gallery | 9.8 | Critical | 2026-03-25 |
| CVE-2026-25002 | WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability — LearnPress – Sepay Payment | 9.8 | - | 2026-03-25 |
| CVE-2026-24359 | WordPress Dokan plugin <= 4.2.4 - Broken Authentication vulnerability — Dokan | 8.8 | High | 2026-03-25 |
| CVE-2026-3214 | CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015 — CAPTCHA | 9.1 | - | 2026-03-25 |
| CVE-2026-1917 | Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008 — Login Disable | 9.8 | - | 2026-03-25 |
| CVE-2026-33315 | Vikunja has a 2FA Bypass via Caldav Basic Auth — vikunja | 5.3 | - | 2026-03-24 |
| CVE-2026-23480 | Blinko: Low Privilege User Privilege Escalation - upsertUser Endpoint — blinko | 8.8 | - | 2026-03-23 |

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 435 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.