CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 435

435 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-34026 | Versa Concerto Actuator Authentication Bypass Information Leak — Concerto | 9.8 (AI) | Critical (AI) | 2025-05-21 |
| CVE-2025-46412 | Vertiv Liebert RDU101 and UNITY Authentication Bypass Using an Alternate Path or Channel — Liebert RDU101 | 9.8 | Critical | 2025-05-21 |
| CVE-2025-48011 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-062 — One Time Password | 9.8 (AI) | Critical (AI) | 2025-05-21 |
| CVE-2025-48010 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061 — One Time Password | 9.8 (AI) | Critical (AI) | 2025-05-21 |
| CVE-2025-47941 | TYPO3 Has Broken Authentication in Backend MFA — typo3 | 7.2 | High | 2025-05-20 |
| CVE-2024-33939 | WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability — Masteriyo - LMS | 5.3 | Medium | 2025-05-19 |
| CVE-2025-47710 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056 — Enterprise MFA - TFA for Drupal | 9.8 (AI) | Critical (AI) | 2025-05-14 |
| CVE-2025-47707 | Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053 — Enterprise MFA - TFA for Drupal | 9.8 (AI) | Critical (AI) | 2025-05-14 |
| CVE-2025-4427 | Authentication Bypass — Endpoint Manager Mobile | 5.3 | Medium | 2025-05-13 |
| CVE-2025-22462 | Ivanti Neurons for ITSM security vulnerability — Neurons for ITSM (on-prem) | 9.8 | Critical | 2025-05-13 |
| CVE-2025-40581 | Siemens SCALANCE LPE9403 security vulnerability — SCALANCE LPE9403 | 7.1 | High | 2025-05-13 |
| CVE-2025-0549 | Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab | 6.8 | Medium | 2025-05-09 |
| CVE-2025-3844 | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover — PeproDev Ultimate Profile Solutions | 9.8 | Critical | 2025-05-07 |
| CVE-2024-12225 | Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass | 9.1 | Critical | 2025-05-06 |
| CVE-2025-1909 | BuddyBoss Platform Pro <= 2.7.01 - Authentication Bypass via Apple OAuth provider — BuddyBoss Platform Pro | 9.8 | Critical | 2025-05-05 |
| CVE-2025-47244 | Inedo ProGet security vulnerability — ProGet | 7.3 | High | 2025-05-03 |
| CVE-2025-2492 | ASUS AiCloud security vulnerability — Router | 9.8 | - | 2025-04-18 |
| CVE-2024-42178 | HCL MyXalytics is affected by a failure to restrict URL access vulnerability — HCL MyXalytics | 2.5 | Low | 2025-04-17 |
| CVE-2025-39535 | WordPress Vitepos plugin <= 3.1.7 - Broken Authentication Vulnerability — Vitepos | 7.2 | High | 2025-04-17 |
| CVE-2025-32357 | Zammad security vulnerability — Zammad | 4.3 | Medium | 2025-04-05 |
| CVE-2024-13553 | SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation — SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | 9.8 | Critical | 2025-04-01 |
| CVE-2024-56325 | Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required — Apache Pinot | 9.8 (AI) | Critical (AI) | 2025-04-01 |
| CVE-2025-22277 | WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability — Vitepos | 8.8 | High | 2025-04-01 |
| CVE-2025-31095 | WordPress Material Dashboard plugin <= 1.4.5 - Privilege Escalation Vulnerability — Material Dashboard | 9.8 | Critical | 2025-04-01 |
| CVE-2025-31694 | Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023 — Two-factor Authentication (TFA) | 9.4 | - | 2025-03-31 |
| CVE-2025-22230 | Authentication bypass vulnerability — VMware Tools | 7.8 | High | 2025-03-25 |
| CVE-2025-2747 | Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass — Xperience | 9.8 | Critical | 2025-03-24 |
| CVE-2025-2746 | Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass — Xperience | 9.8 | Critical | 2025-03-24 |
| CVE-2024-13442 | Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover — Service Finder Bookings | 9.8 | Critical | 2025-03-19 |
| CVE-2024-13772 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.6.1 - Authentication Bypass — Civi - Job Board & Freelance Marketplace WordPress Theme | 5.6 | Medium | 2025-03-14 |

435 CVEs are classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.