Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-288 (使用候选路径或通道进行的认证绕过) — Vulnerability Class 435

435 vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-40761 Siemens多款产品 安全漏洞 — RUGGEDCOM ROX MX5000 7.6 High2025-08-12
CVE-2025-40743 Siemens多款产品 安全漏洞 — SINUMERIK 828D PPU.4 8.3 High2025-08-12
CVE-2025-55012 Zed AI Agent Remote Code Execution — zed 8.4AIHighAI2025-08-11
CVE-2025-53187 Unauthenticated RCE — ASPECT 9.8 Critical2025-08-11
CVE-2025-24000 WordPress Post SMTP plugin <= 3.2.0 - Account Takeover Vulnerability — Post SMTP 8.8 High2025-08-07
CVE-2025-44957 RUCKUS SmartZone 安全漏洞 — SmartZone 8.5 High2025-08-04
CVE-2025-7710 Brave Conversion Engine (PRO) <= 0.7.7 - Authentication Bypass to Administrator — Brave Conversion Engine (PRO) 9.8 Critical2025-08-02
CVE-2025-6895 MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function — Melapress Login Security 9.8 Critical2025-07-26
CVE-2025-7742 Authentication Bypass in LG Innotek Camera — Camera Model LNV5110R 9.8 -2025-07-24
CVE-2025-34143 ETQ Reliance CG Authentication Bypass via Trailing Space RCE — Reliance CG (legacy) 9.8 -2025-07-22
CVE-2025-7692 Orion Login with SMS <= 1.0.5 - Authentication Bypass via Weak OTP — Orion Login with SMS 8.1 High2025-07-22
CVE-2025-7444 LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider — LoginPress Pro 9.8 Critical2025-07-18
CVE-2025-1313 Nokri - Job Board WordPress Theme <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover — Nokri – Job Board WordPress Theme 8.8 High2025-07-12
CVE-2025-30026 AXIS Camera Station 安全漏洞 — AXIS Camera Station Pro 9.8AICriticalAI2025-07-11
CVE-2025-53099 Sentry Missing Invalidation of Authorization Codes During OAuth Exchange and Revocation — sentry 7.4AIHighAI2025-07-01
CVE-2025-25171 WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability — WP SmartPay 8.8 High2025-06-27
CVE-2025-6688 Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin — Simple Payment 9.8 Critical2025-06-27
CVE-2025-6675 Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082 — Enterprise MFA - TFA for Drupal 9.8AICriticalAI2025-06-26
CVE-2025-5820 Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability — XAV-AX8500 8.8AIHighAI2025-06-21
CVE-2025-51381 KAON KCM3100 安全漏洞 — KCM3100 8.8AIHighAI2025-06-18
CVE-2025-49125 Apache Tomcat: Security constraint bypass for pre/post-resources — Apache Tomcat 9.1 -2025-06-16
CVE-2025-4973 Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account' — Workreap 9.8 Critical2025-06-12
CVE-2025-30184 CyberData 011209 SIP Emergency Intercom Authentication Bypass Using an Alternate Path or Channel — 011209 SIP Emergency Intercom 9.8 Critical2025-06-09
CVE-2025-31022 WordPress PayU India plugin < 3.8.8 - Account Takeover vulnerability — PayU India 9.8 Critical2025-06-09
CVE-2025-31019 WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability — Password Policy Manager 8.8 High2025-06-09
CVE-2025-48904 Huawei HarmonyOS 安全漏洞 — HarmonyOS 4.4 Medium2025-06-06
CVE-2025-4797 Golo <= 1.7.0 - Authentication Bypass to Account Takeover — Golo - City Travel Guide WordPress Theme 9.8 Critical2025-06-03
CVE-2025-5190 Browse As <= 0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie — Browse As 8.8 High2025-05-30
CVE-2025-48926 TeleMessage 安全漏洞 — service 4.3 Medium2025-05-28
CVE-2025-47461 WordPress Subaccounts for WooCommerce plugin <= 1.6.6 - Account Takeover vulnerability — Subaccounts for WooCommerce 8.8 High2025-05-23

Vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过) represent 435 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.