CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 435

435 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-7781 | Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover — Jupiter X Core | 8.1 | High | 2024-09-26 |
| CVE-2024-43692 | Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Authentication Bypass Using an Alternate Path or Channel — ProGauge MAGLINK LX CONSOLE | 9.8 | Critical | 2024-09-24 |
| CVE-2024-8277 | WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation — WooCommerce Photo Reviews Premium | 9.8 | Critical | 2024-09-11 |
| CVE-2024-8012 | Ivanti Workspace Control security vulnerability — Workspace Control | 7.8 | High | 2024-09-10 |
| CVE-2024-41173 | Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD — IPC Diagnostics package | 7.8 | High | 2024-08-27 |
| CVE-2024-7125 | Authentication Bypass Vulnerability in Hitachi Ops Center Common Services — Hitachi Ops Center Common Services | 7.8 | High | 2024-08-27 |
| CVE-2024-35151 | IBM OpenPages information disclosure — OpenPages with Watson | 6.5 | Medium | 2024-08-22 |
| CVE-2024-35214 | Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows — CylanceOPTICS for Windows | 7.1 (AI) | High (AI) | 2024-08-20 |
| CVE-2024-7628 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover — MStore API – Create Native Android & iOS Apps On The Cloud | 8.1 | High | 2024-08-15 |
| CVE-2024-35124 | IBM OpenBMC authentication bypass — OpenBMC | 7.5 | High | 2024-08-13 |
| CVE-2024-6684 | Authentication Bypass in GST Electronics' inohom Nova Panel N7 — inohom Nova Panel N7 | 9.8 (AI) | Critical (AI) | 2024-08-12 |
| CVE-2024-7503 | WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover — WooCommerce - Social Login | 9.8 | Critical | 2024-08-10 |
| CVE-2024-7350 | Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover — Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | 9.8 | Critical | 2024-08-08 |
| CVE-2024-7314 | anji-plus AJ-Report Authentication Bypass — AJ-Report | 9.8 | Critical | 2024-08-02 |
| CVE-2024-7007 | Authentication Bypass Using an Alternate Path or Channel in Positron Broadcast Signal Processor TRA7005 — Broadcast Signal Processor TRA7005 | 9.8 (AI) | Critical (AI) | 2024-07-25 |
| CVE-2024-7027 | WooCommerce - PDF Vouchers <= 4.9.3 - Authentication Bypass to Voucher Vendor — WooCommerce - PDF Vouchers | 7.3 | High | 2024-07-24 |
| CVE-2024-38437 | D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel — DSL-225 | 9.8 | Critical | 2024-07-21 |
| CVE-2024-6635 | WooCommerce - Social Login <= 2.7.3 - Unauthenticated Authentication Bypass — WooCommerce - Social Login | 7.3 | High | 2024-07-20 |
| CVE-2024-5620 | Authentication Bypass in PruvaSoft Informatics' Apinizer Management Console — Apinizer Management Console | 6.5 | Medium | 2024-07-18 |
| CVE-2024-6328 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.14.7 - Authentication Bypass — MStore API – Create Native Android & iOS Apps On The Cloud | 9.8 | Critical | 2024-07-12 |
| CVE-2024-6397 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin — InstaWP Connect – 1-click WP Staging & Migration | 9.8 | Critical | 2024-07-11 |
| CVE-2024-39309 | ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability — parse-server | 9.8 | Critical | 2024-07-01 |
| CVE-2024-28200 | N-central Authentication Bypass — N-central | 9.1 | Critical | 2024-07-01 |
| CVE-2024-5322 | N-central Authentication Bypass via Session Rebinding — N-central | 9.1 | Critical | 2024-07-01 |
| CVE-2024-2973 | Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed — Session Smart Router | 10.0 | Critical | 2024-06-27 |
| CVE-2024-31916 | IBM OpenBMC information disclosure — OpenBMC | 7.5 | High | 2024-06-27 |
| CVE-2024-5432 | Lifeline Donation <= 1.2.6 - Authentication Bypass — Lifeline Donation | 9.8 | Critical | 2024-06-20 |
| CVE-2024-3496 | Authentication Bypass Vulnerability — Toshiba Tec e-Studio multi-function peripheral (MFP) | 8.8 | High | 2024-06-14 |
| CVE-2024-38279 | Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) — Vigilant Fixed LPR Coms Box (BCAV1F2-C600) | 4.6 (AI) | Medium (AI) | 2024-06-13 |
| CVE-2024-2012 | Hitachi FOXMAN-UN security vulnerability — FOXMAN-UN | 9.1 | Critical | 2024-06-11 |

There are 435 CVEs classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.