Weaknesses of type CWE-288
584 resultsCVE-2021-32984CRITICALAutomation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or ChannelEPSS 1.1%CVE-2021-32986CRITICALAutomation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or ChannelEPSS 1.1%CVE-2026-44575HIGHNext.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routesEPSS 1.0%CVE-2022-34372CRITICALDell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attackerEPSS 1.0%CVE-2024-9890HIGHUser Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication BypassEPSS 1.0%CVE-2024-50334HIGHSemicolon Path Injection on API /api;/configEPSS 1.0%CVE-2020-27863MEDIUMThis vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-EPSS 1.0%CVE-2023-2027CRITICALZM Ajax Login & Register <= 2.0.2 - Authentication BypassEPSS 1.0%CVE-2021-27453HIGHMesa Labs AmegaView authentication bypassEPSS 1.0%CVE-2020-13185—Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the nEPSS 1.0%CVE-2022-24813MEDIUMAuthentication Bypass Using an Alternate Path or Channel in CreateWikiEPSS 1.0%CVE-2025-5397CRITICALJobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication BypassEPSS 1.0%CVE-2025-2492CRITICALAn improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leEPSS 1.0%CVE-2023-3162CRITICALStripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication BypassEPSS 1.0%CVE-2022-2031—A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowiEPSS 1.0%CVE-2024-7781HIGHJupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account TakeoverEPSS 1.0%CVE-2022-47578HIGHAn issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring completeEPSS 1.0%CVE-2024-36042CRITICALSilverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticEPSS 0.9%CVE-2024-2055CRITICALArtica Proxy Unauthenticated File Manager VulnerabilityEPSS 0.9%CVE-2023-37057CRITICALAn issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentEPSS 0.9%