CWE-288 (Authentication Bypass Using an Alternate Path or Channel) — Vulnerability Class 435

435 vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12402 | Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation — TC Ecommerce – Create Android & iOS Apps for WooCommerce | 9.8 | Critical | 2025-01-07 |
| CVE-2024-56044 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary User Token Generation vulnerability — WPLMS | 9.8 | Critical | 2024-12-31 |
| CVE-2024-51464 | IBM i authentication bypass — i | 4.3 | Medium | 2024-12-21 |
| CVE-2024-11349 | AdForest <= 5.1.6 - Authentication Bypass — AdForest | 9.8 | Critical | 2024-12-21 |
| CVE-2024-43234 | WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability — Woffice | 9.8 | - | 2024-12-16 |
| CVE-2024-56013 | WordPress Wovax IDX plugin <= 1.2.2 - Account Takeover vulnerability — Wovax IDX | 8.8 | High | 2024-12-16 |
| CVE-2024-54336 | WordPress Projectopia plugin <= 5.1.7 - Account Takeover vulnerability — Projectopia | 8.8 | High | 2024-12-13 |
| CVE-2024-54297 | WordPress vBSSO-lite plugin <= 1.4.3 - Account Takeover vulnerability — vBSSO-lite | 9.8 | Critical | 2024-12-13 |
| CVE-2024-54296 | WordPress CoSchool LMS plugin <= 1.4.3 - Account Takeover vulnerability — CoSchool LMS | 9.8 | Critical | 2024-12-13 |
| CVE-2024-54294 | WordPress Firebase OTP Authentication plugin <= 1.0.1 - Account Takeover vulnerability — Firebase OTP Authentication | 9.8 | Critical | 2024-12-13 |
| CVE-2024-54295 | WordPress ListApp Mobile Manager plugin <= 1.7.7 - Account Takeover vulnerability — ListApp Mobile Manager | 9.8 | Critical | 2024-12-13 |
| CVE-2024-11639 | Ivanti CSA security vulnerability — Cloud Services Application | 10.0 | Critical | 2024-12-10 |
| CVE-2024-52586 | eLabFTW MFA bypass — elabftw | 5.4 | Medium | 2024-12-09 |
| CVE-2024-11178 | Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP — Login with OTP | 8.1 | High | 2024-12-06 |
| CVE-2024-25036 | IBM Cognos Controller authentication bypass — Cognos Controller | 4.3 | Medium | 2024-12-03 |
| CVE-2024-10490 | Authentication bypass flaw in several mapp components — B&R mapp Cockpit | 9.8 | - | 2024-12-02 |
| CVE-2024-11981 | Billion Electric router - Authentication Bypass — M100 | 7.5 | High | 2024-11-29 |
| CVE-2024-52475 | WordPress Wawp plugin < 3.0.18 - Account Takeover vulnerability — Wawp | 9.8 | Critical | 2024-11-28 |
| CVE-2024-11925 | WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation — JobSearch WP Job Board | 9.8 | Critical | 2024-11-28 |
| CVE-2024-33610 | Sharp MFP security vulnerability — Multiple MFPs (multifunction printers) | 9.1 | Critical | 2024-11-26 |
| CVE-2024-10961 | Social Login <= 5.9.0 - Authentication Bypass via Disqus OAuth provider — Social Login | 9.8 | Critical | 2024-11-23 |
| CVE-2024-10311 | External Database Based Actions <= 0.1 - Authenticated (Subscriber+) Authentication Bypass — External Database Based Actions | 7.5 | High | 2024-11-15 |
| CVE-2024-10924 | Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass — Really Simple Security Pro multisite | 9.8 | Critical | 2024-11-15 |
| CVE-2024-47574 | Fortinet FortiClient security vulnerability — FortiClientWindows | 7.4 | High | 2024-11-13 |
| CVE-2024-11028 | MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation — MultiManager WP – Manage All Your WordPress Sites Easily | 9.8 | Critical | 2024-11-13 |
| CVE-2024-10245 | Relais 2FA <= 1.0 - Authentication Bypass — Relais 2FA | 9.8 | Critical | 2024-11-12 |
| CVE-2024-10284 | CE21 Suite <= 2.2.0 - Authentication Bypass — CE21 Suite | 9.8 | Critical | 2024-11-09 |
| CVE-2024-10081 | CodeChecker security vulnerability — CodeChecker | 10.0 | Critical | 2024-11-06 |
| CVE-2024-50503 | WordPress User Toolkit plugin <= 1.2.3 - Account Takeover vulnerability — User Toolkit | 9.8 | Critical | 2024-10-30 |
| CVE-2024-9989 | Crypto <= 2.18 - Authentication Bypass via log_in — Crypto Tool | 9.8 | Critical | 2024-10-29 |

Vulnerabilities classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) represent 435 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.