
type:auth-bypass — 1794 CVE vulnerabilities tagged

1794 CVE security advisories tagged "type:auth-bypass", each with an AI-generated Chinese-language analysis, CVSS score, references and POCs.

The tag "type:auth-bypass" identifies vulnerabilities in which an attacker circumvents an authentication mechanism to reach protected resources without valid credentials. This class of flaw is critical because it undermines the access-control layer itself: the attacker can assume a legitimate user's identity or reach administrative functions without ever authenticating. Typical root causes include improper validation of session tokens, logic errors in multi-factor authentication workflows, and weak cryptographic implementations that permit password guessing or token forgery. With 1739 associated CVEs, this widespread issue highlights persistent challenges in secure coding practice. Successful exploitation commonly leads to data breaches, privilege escalation and complete system compromise, so remediating authentication bypasses is a priority for security teams that need to keep perimeter defenses intact and protect sensitive organizational data.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-24207 | NVIDIA Triton Inference Server Authentication Bypass Vulnerability | Triton Inference Server | CWE-288 | 9.8 | Critical | 2026-05-20 |
| CVE-2026-24206 | NVIDIA Triton Inference Server Authentication Bypass Vulnerability | Triton Inference Server | CWE-288 | 7.3 | High | 2026-05-20 |
| CVE-2026-6394 | Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter | Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | CWE-918 | 5.4 | Medium | 2026-05-20 |
| CVE-2026-8912 | Contest Gallery <= 28.1.6 - Unauthenticated SQL Injection | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | CWE-89 | 7.5 | High | 2026-05-19 |
| CVE-2026-37982 | Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay | Red Hat build of Keycloak 26.4 | -- | 6.8 | Medium | 2026-05-19 |
| CVE-2026-8830 | Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation | Red Hat Build of Keycloak | CWE-603 | 4.3 | Medium | 2026-05-19 |
| CVE-2026-36829 | Panabit PAP-XM320 V7.7 and earlier versions contain an authentication bypass vulnerability | n/a | -- | -- | -- | 2026-05-19 |
| CVE-2026-4320 | Authorization Bypass in ICMS Content Management by Creartia Internet Consulting | ICMS Content Management | CWE-288 | -- | -- | 2026-05-18 |
| CVE-2020-37228 | iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass | iDS6 DSSPro Digital Signage System | CWE-307 | 9.8 | Critical | 2026-05-16 |
| CVE-2026-45365 | Open WebUI: Authenticated users can bypass model access control via exposed query parameter | open-webui | CWE-285 | 5.4 | Medium | 2026-05-15 |
| CVE-2026-46474 | Trog::TOTP versions before 1.006 for Perl generate secrets using rand | Trog::TOTP | CWE-331 | -- | -- | 2026-05-15 |
| CVE-2026-44699 | LibJWT: Algorithm confusion allows JWT forgery with RSA JWK as empty-key HMAC | libjwt | CWE-327 | -- | -- | 2026-05-15 |
| CVE-2026-5229 | Receive Notifications After Form Submitting – Form Notify for Any Forms <= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback | Receive Notifications After Form Submitting – Form Notify for Any Forms | CWE-287 | 9.8 | Critical | 2026-05-15 |
| CVE-2026-2652 | Authentication Bypass in mlflow/mlflow | mlflow/mlflow | CWE-305 | -- | -- | 2026-05-15 |
| CVE-2026-45248 | Hedera Guardian Authentication Bypass Information Disclosure | guardian | CWE-306 | 5.3 | Medium | 2026-05-14 |
| CVE-2026-44671 | ZITADEL: LDAP Filter Injection in Login Flow | zitadel | CWE-90 | 7.5 | High | 2026-05-14 |
| CVE-2026-44678 | Tuist: IDOR in preview deletion API allows cross-tenant deletion of any preview by UUID | tuist | CWE-639 | -- | -- | 2026-05-14 |
| CVE-2026-26062 | Fleet server may terminate unexpectedly when handling certain gRPC requests | fleet | CWE-20 | -- | -- | 2026-05-14 |
| CVE-2026-24000 | Fleet has a rate limiting bypass via untrusted client IP headers | fleet | CWE-290 | -- | -- | 2026-05-14 |
| CVE-2026-8621 | Crabbox < v0.12.0 Authentication Bypass via Header Spoofing | crabbox | CWE-287 | 8.8 | High | 2026-05-14 |
| CVE-2026-44523 | Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery | note-mark | CWE-326 | 10.0 | Critical | 2026-05-14 |
| CVE-2026-44308 | Spring Cloud AWS: Missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications | spring-cloud-aws | CWE-345 | -- | -- | 2026-05-14 |
| CVE-2026-6510 | InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation via 'iwar_save_recipe' | InfusedWoo Pro | CWE-862 | 9.8 | Critical | 2026-05-14 |
| CVE-2026-8181 | Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover | Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) | CWE-287 | 9.8 | Critical | 2026-05-14 |
| CVE-2026-44195 | OPNsense: Authentication lockout bypass | core | CWE-307 | 5.3 | Medium | 2026-05-13 |
| CVE-2026-42602 | azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay | opentelemetry-collector-contrib | CWE-208 | 8.1 | High | 2026-05-13 |
| CVE-2026-44351 | fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass | fast-jwt | CWE-287 | 9.1 | Critical | 2026-05-13 |
| CVE-2026-0257 | PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities | Cloud NGFW | CWE-565 | -- | -- | 2026-05-13 |
| CVE-2026-0265 | PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled | Cloud NGFW | CWE-347 | -- | -- | 2026-05-13 |
| CVE-2026-44573 | Next.js: Middleware / Proxy bypass in Pages Router applications using i18n | next.js | CWE-863 | 7.5 | High | 2026-05-13 |

Vulnerabilities classified as type:auth-bypass account for 1794 CVEs. The CWE entry describes the underlying weakness class only; review each individual CVE for its product-specific impact.