CWE-288 (使用候选路径或通道进行的认证绕过) — Vulnerability Class 436

436 vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-2012	Hitachi FOXMAN-UN 安全漏洞 — FOXMAN-UN	9.1	Critical	2024-06-11
CVE-2024-2013	Hitachi FOXMAN-UN 安全漏洞 — FOXMAN-UN	10.0	Critical	2024-06-11
CVE-2024-4552	Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass — Social Login Lite For WooCommerce	9.8	Critical	2024-06-04
CVE-2024-36470	JetBrains TeamCity 安全漏洞 — TeamCity	8.1	High	2024-05-29
CVE-2024-5150	Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check — OTP Login With Phone Number, OTP Verification	9.8	Critical	2024-05-29
CVE-2024-5204	Swiss Toolkit For WP <= 1.0.7 - Authenticated (Contributor+) Authentication Bypass — Swiss Toolkit For WP	8.8	High	2024-05-29
CVE-2024-4544	Pie Register - Social Sites Login (Add on) <= 1.7.7 - Authentication Bypass — Pie Register - Social Sites Login (Add on)	9.8	Critical	2024-05-24
CVE-2024-4393	Social Connect <= 1.2 - Authentication Bypass — Social Connect	9.8	Critical	2024-05-08
CVE-2024-4186	Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check — Edwiser Bridge – WordPress Moodle Integration	9.8	Critical	2024-05-07
CVE-2024-31463	Ironic-image allows unauthenticated local access to Ironic API — ironic-image	4.7	Medium	2024-04-17
CVE-2024-1646	Authentication Bypass in parisneo/lollms-webui — parisneo/lollms-webui	9.8	-	2024-04-16
CVE-2024-2056	Artica Proxy Loopback Services Remotely Accessible Unauthenticated — Artica Proxy	7.5^AI	High^AI	2024-03-05
CVE-2024-2055	Artica Proxy Unauthenticated File Manager Vulnerability — Artica Proxy	9.8^AI	Critical^AI	2024-03-05
CVE-2024-27198	JetBrains TeamCity 安全漏洞 — TeamCity	9.8	Critical	2024-03-04
CVE-2024-1525	Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab	5.3	Medium	2024-02-21
CVE-2024-1709	Authentication bypass using an alternate path or channel — ScreenConnect	10.0	Critical	2024-02-21
CVE-2024-21491	svix 安全漏洞 — svix	5.9	Medium	2024-02-13
CVE-2024-23917	JetBrains TeamCity 安全漏洞 — TeamCity	9.8	Critical	2024-02-06
CVE-2023-6718	Authentication Bypass Using an Alternate Path or Channel in Repox — Repox	9.4	Critical	2023-12-13
CVE-2023-2437	UserPro <= 5.1.1 - Authentication Bypass to Administrator — UserPro - Community and User Profile WordPress Plugin	9.8	Critical	2023-11-22
CVE-2023-42770	Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel — ST-IPm-8460	10.0	Critical	2023-11-21
CVE-2023-3277	MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation — MStore API – Create Native Android & iOS Apps On The Cloud	9.8	Critical	2023-11-03
CVE-2023-41351	Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control — NOKIA G-040W-Q	9.8	Critical	2023-11-03
CVE-2023-20247	Cisco Firepower Threat Defense 安全漏洞 — Cisco Adaptive Security Appliance (ASA) Software	5.0	Medium	2023-11-01
CVE-2023-46747	BIG-IP Configuration utility unauthenticated remote code execution vulnerability — BIG-IP	9.8	Critical	2023-10-26
CVE-2023-39930	PingFederate PingID Radius PCV Authentication Bypass — PingID Radius PCV	7.5	High	2023-10-24
CVE-2023-39231	PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass — PingOne MFA Integration Kit	7.3	High	2023-10-24
CVE-2023-43045	IBM Sterling Partner Engagement Manager security bypass — Sterling Partner Engagement Manager	5.9	Medium	2023-10-23
CVE-2021-4353	WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Unauthenticated Settings Import/Export — WooCommerce Dynamic Pricing and Discounts	5.3	Medium	2023-10-20
CVE-2023-4957	Authentication Bypass on Zebra ZTC — ZTC ZT410	5.4	Medium	2023-10-11

Vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过) represent 436 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-288 (使用候选路径或通道进行的认证绕过) — Vulnerability Class 436