CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 435

435 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-11621 | Vault AWS auth method bypass due to AWS client cache — Vault | 8.1 | High | 2025-10-23 |
| CVE-2025-60041 | WordPress Emails Catch All plugin <= 3.5.3 - Broken Authentication vulnerability — Emails Catch All | 8.8 | High | 2025-10-22 |
| CVE-2025-49901 | WordPress Simple Link Directory plugin < 14.8.1 - Broken Authentication vulnerability — Simple Link Directory | 9.8 (AI) | Critical (AI) | 2025-10-22 |
| CVE-2025-11534 | Authentication Bypass Using an Alternate Path or Channel in Raisecomm RAX701-GC Series — RAX701-GC-WP-01 P200R002C52 | 9.8 (AI) | Critical (AI) | 2025-10-21 |
| CVE-2025-58133 | Zoom Rooms Clients - Authentication Bypass — Zoom Rooms | 5.3 | Medium | 2025-10-15 |
| CVE-2025-10294 | OwnID Passwordless Login <= 1.3.4 - Authentication Bypass — OwnID Passwordless Login | 9.8 | Critical | 2025-10-15 |
| CVE-2025-9967 | Orion SMS OTP Verification <= 1.1.7 - Authentication Bypass via Account Takeover — Orion SMS OTP Verification. | 9.8 | Critical | 2025-10-15 |
| CVE-2025-8093 | Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098 — Authenticator Login | 9.8 (AI) | Critical (AI) | 2025-10-10 |
| CVE-2025-11522 | Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover — Search & Go - Directory WordPress Theme | 9.8 | Critical | 2025-10-09 |
| CVE-2025-9914 | SICK AG Baggage Analytics security vulnerability — Baggage Analytics | 4.3 | Medium | 2025-10-06 |
| CVE-2025-6388 | Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation — Spirit Framework | 9.8 | Critical | 2025-10-03 |
| CVE-2025-10653 | Raise3D Pro2 Series 3D Printers Authentication Bypass Using an Alternate Path or Channel — Pro2 Series | 8.6 | High | 2025-10-02 |
| CVE-2025-22862 | Fortinet FortiOS security vulnerability — FortiProxy | 6.3 | Medium | 2025-10-02 |
| CVE-2025-61733 | Apache Kylin: Authentication bypass — Apache Kylin | 9.8 (AI) | Critical (AI) | 2025-10-02 |
| CVE-2025-10538 | Authentication Bypass in LG Innotek Camera — Camera Model LND7210 | 7.5 (AI) | High (AI) | 2025-10-01 |
| CVE-2025-7038 | LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function — LatePoint – Calendar Booking Plugin for Appointments and Events | 8.2 | High | 2025-09-30 |
| CVE-2025-5955 | Service Finder SMS System <= 2.0.0 - Authentication Bypass — Service Finder SMS System | 8.1 | High | 2025-09-19 |
| CVE-2025-8359 | AdForest <= 6.0.9 - Authentication Bypass to Admin — AdForest | 9.8 | Critical | 2025-09-06 |
| CVE-2025-54738 | WordPress Jobmonster Theme <= 4.7.9 - Broken Authentication Vulnerability — Jobmonster | 9.8 | Critical | 2025-08-28 |
| CVE-2025-54725 | WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability — Golo | 9.8 | Critical | 2025-08-28 |
| CVE-2025-34520 | Arcserve UDP < 10.2 Authentication Bypass — Unified Data Protection (UDP) | 9.8 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-5821 | Case Theme User <= 1.0.3 - Authentication Bypass via Social Login — Case Theme User | 9.8 | Critical | 2025-08-23 |
| CVE-2025-5060 | Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover — Bravis User | 8.1 | High | 2025-08-23 |
| CVE-2025-7642 | Simpler Checkout 0.7.0 - 1.1.9 - Authentication Bypass — Simpler Checkout | 9.8 | Critical | 2025-08-23 |
| CVE-2025-24496 | Tenda AC6 security vulnerability — AC6 V5.0 | 7.5 | High | 2025-08-20 |
| CVE-2025-27129 | Tenda AC6 security vulnerability — AC6 V5.0 | 9.8 | Critical | 2025-08-20 |
| CVE-2025-54713 | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.3.0 - Broken Authentication vulnerability — Taxi Booking Manager for WooCommerce | 9.8 | Critical | 2025-08-20 |
| CVE-2025-3639 | Liferay Portal and Liferay DXP security vulnerability — Portal | 9.8 (AI) | Critical (AI) | 2025-08-18 |
| CVE-2025-8995 | Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096 — Authenticator Login | 9.8 (AI) | Critical (AI) | 2025-08-15 |
| CVE-2024-26009 | Fortinet multiple products security vulnerability — FortiProxy | 7.9 | High | 2025-08-12 |

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 435 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.