CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 436

436 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23480 | Blinko: Low Privilege User Privilege Escalation - upsertUser Endpoint — blinko | 8.8 | - | 2026-03-23 |
| CVE-2026-22733 | Authentication Bypass under Actuator CloudFoundry endpoints — Spring Security | 8.2 | High | 2026-03-19 |
| CVE-2026-22731 | Authentication Bypass under Actuator Health groups paths — Spring Boot | 8.2 | High | 2026-03-19 |
| CVE-2026-32031 | OpenClaw < 2026.2.26 - Authentication Bypass via Path Canonicalization Mismatch in /api/channels Gateway — OpenClaw | 4.8 | Medium | 2026-03-19 |
| CVE-2026-32004 | OpenClaw < 2026.3.2 - Authentication Bypass via Encoded Path in /api/channels Route — OpenClaw | 6.5 | Medium | 2026-03-19 |
| CVE-2026-25471 | WordPress Admin Safety Guard plugin <= 1.2.7 - Broken Authentication vulnerability — Admin Safety Guard | 8.1 | High | 2026-03-19 |
| CVE-2026-32130 | ZITADEL SCIM Authentication Bypass via URL Encoding — zitadel | 7.5 | High | 2026-03-11 |
| CVE-2026-0602 | Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab | 4.3 | Medium | 2026-03-11 |
| CVE-2026-27842 | Micro Research MR-GM5L-S1 and Micro Research MR-GM5A-L1 security vulnerability — MR-GM5L-S1 | 9.1 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-26117 | Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability — Arc Enabled Servers - Azure Connected Machine Agent | 7.8 | High | 2026-03-10 |
| CVE-2026-22572 | Fortinet FortiManager multiple products security vulnerability — FortiManager | 6.8 | High | 2026-03-10 |
| CVE-2026-27390 | WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability — WeDesignTech Ultimate Booking Addon | 9.8 | - | 2026-03-05 |
| CVE-2026-27389 | WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability — WeDesignTech Ultimate Booking Addon | 9.8 | - | 2026-03-05 |
| CVE-2026-30777 | EC-CUBE security vulnerability — EC-CUBE 4.1 series | 7.2 | - | 2026-03-05 |
| CVE-2026-20079 | Cisco Secure Firewall Management Center security vulnerability — Cisco Secure Firewall Management Center (FMC) | 10.0 | Critical | 2026-03-04 |
| CVE-2026-2628 | All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass — All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login | 9.8 | Critical | 2026-03-03 |
| CVE-2026-28411 | WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)` — WeGIA | 9.8 | Critical | 2026-02-27 |
| CVE-2026-27707 | Plex-configured Seerr instances vulnerable to unauthenticated account registration via Jellyfin authentication endpoint — seerr | 7.3 | High | 2026-02-27 |
| CVE-2026-22205 | SPIP < 4.4.10 Authentication Bypass via PHP Type Juggling — SPIP | 7.5 | High | 2026-02-26 |
| CVE-2026-1241 | Authentication Bypass Using an Alternate Path or Channel in Pelco, Inc. Sarix Pro 3 Series IP Cameras — Sarix Professional IMP 3 Series | 9.1 (AI) | Critical (AI) | 2026-02-26 |
| CVE-2026-1779 | User Registration & Membership <= 5.1.2 - Authentication Bypass — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 8.1 | High | 2026-02-26 |
| CVE-2026-1747 | Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab | 4.3 | Medium | 2026-02-25 |
| CVE-2026-22341 | WordPress Booked plugin <= 3.0.0 - Account Takeover vulnerability — Booked | 6.7 | Medium | 2026-02-20 |
| CVE-2025-68895 | WordPress AhaChat Messenger Marketing plugin <= 1.1 - Broken Authentication vulnerability — AhaChat Messenger Marketing | 9.8 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2025-67998 | WordPress Miraculous Elementor plugin <= 2.0.7 - Broken Authentication vulnerability — Miraculous Elementor | 9.8 (AI) | Critical (AI) | 2026-02-20 |
| CVE-2026-2540 | Micca KE700 Acceptance of previously used rolling codes — Car Alarm System KE700 | 6.8 (AI) | Medium (AI) | 2026-02-15 |
| CVE-2026-1618 | Admin Account Takeover in Universal Software's FlexCity/Kiosk — FlexCity/Kiosk | 8.8 | High | 2026-02-13 |
| CVE-2020-37156 | BloodX 1.0 - Authentication Bypass — BloodX | 6.5 | Medium | 2026-02-11 |
| CVE-2026-1603 | Ivanti Endpoint Manager security vulnerability — Endpoint Manager | 8.6 | High | 2026-02-10 |
| CVE-2026-2096 | Flowring\|Agentflow - Missing Authentication — Agentflow | 9.8 | Critical | 2026-02-10 |

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 436 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.