The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugi…

CVE-2023-21098HIGHCVSS 7.8EG 7.8

2023-04-19

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privile…

CVE-2023-22495CRITICALCVSS 9.8EG 9.8

2023-01-14

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is …

CVE-2023-23503MEDIUMCVSS 5.5EG 5.5

2023-02-27

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.

CVE-2023-2437CRITICALCVSS 9.8EG 9.8

2023-11-22

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it …

CVE-2023-2499CRITICALCVSS 9.8EG 9.8

2023-05-16

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugi…

CVE-2023-2546HIGHCVSS 8.8EG 8.8

2023-06-06

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who…

CVE-2023-2704CRITICALCVSS 9.8EG 9.8

2023-05-19

The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This m…

CVE-2023-2732CRITICALCVSS 9.8EG 9.8

2023-05-25

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plu…

CVE-2023-2733CRITICALCVSS 9.8EG 9.8

2023-05-25

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through t…

CVE-2023-2734CRITICALCVSS 9.8EG 9.8

2023-05-25

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request throu…

CVE-2023-2781HIGHCVSS 8.1EG 8.1

2023-06-03

The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend…

CVE-2023-2834CRITICALCVSS 9.8EG 9.8

2023-06-30

The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This make…

CVE-2023-2982CRITICALCVSS 9.8EG 9.8

2023-06-29

The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supp…

CVE-2023-2986CRITICALCVSS 9.8EG 9.8

2023-06-08

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link …

CVE-2023-30909CRITICALCVSS 9.8EG 9.8

2023-09-14

A remote authentication bypass issue exists in some OneView APIs.

CVE-2023-30946LOWCVSS 3.5EG 3.5

2023-06-29

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the i…

CVE-2023-31152MEDIUMCVSS 4.0EG 4.0

2023-05-10

An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 202…

CVE-2023-3162CRITICALCVSS 9.8EG 9.8

2023-08-31

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout thr…

CVE-2023-32002CRITICALCVSS 9.8EG 9.8

2023-08-21

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release l…

CVE-2023-3249CRITICALCVSS 9.8EG 9.8

2023-06-30

The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. T…

CVE-2023-3277CRITICALCVSS 9.8EG 9.8

2023-11-03

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attac…

CVE-2023-34335HIGHCVSS 7.7EG 7.7

2023-06-12

AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. An exploitation of this vulnerability may lead to a loss of integrity or denial…

CVE-2023-36091CRITICALCVSS 9.8EG 9.8

2023-07-31

Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the …

CVE-2023-37057CRITICALCVSS 9.8EG 9.8

2024-06-17

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism.

CVE-2023-39231HIGHCVSS 7.3EG 7.3

2023-10-25

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their o…

CVE-2023-39930HIGHCVSS 7.5EG 7.5

2023-10-25

A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.

CVE-2023-41256CRITICALCVSS 9.1EG 9.1

2023-09-11

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.

CVE-2023-41351CRITICALCVSS 9.8EG 9.8

2023-11-03

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for …

CVE-2023-42770CRITICALCVSS 10.0EG 10.0

2023-11-21

Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the mes…

CVE-2023-42771HIGHCVSS 8.8EG 8.8

2023-10-03

Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuratio…

CVE-2023-42793CRITICALCVSS 9.8EG 9.8⚠ KEV

2023-09-19

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

CVE-2023-43045MEDIUMCVSS 5.9EG 5.9

2023-10-23

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.

CVE-2023-46319HIGHCVSS 7.5EG 7.5

2023-10-23

WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface.

CVE-2023-46747CRITICALCVSS 9.8EG 9.8⚠ KEV

2023-10-26

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Softwar…

CVE-2023-4702CRITICALCVSS 9.8EG 10.0

2023-09-14

Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass. This issue affects Digital Yepas: before 1.0.1.

CVE-2023-49564HIGHCVSS 8.8EG 8.8

2025-09-18

The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensit…

CVE-2023-4957MEDIUMCVSS 5.4EG 5.4

2023-10-11

A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web…

CVE-2023-50272HIGHCVSS 7.5EG 7.5

2023-12-19

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.

CVE-2023-50915MEDIUMCVSS 6.5EG 6.5

2024-04-30

An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager s…

CVE-2023-6718CRITICALCVSS 9.4EG 9.4

2023-12-13

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users.

CVE-2024-10002HIGHCVSS 8.8EG 8.8

2024-10-22

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This m…

CVE-2024-10081CRITICALCVSS 10.0EG 10.0

2024-11-06

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API …

CVE-2024-10245CRITICALCVSS 9.8EG 9.8

2024-11-12

The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' function. This makes it possible for unau…

CVE-2024-10284CRITICALCVSS 9.8EG 9.8

2024-11-09

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenti…

CVE-2024-10311HIGHCVSS 7.5EG 7.5

2024-11-15

The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible fo…

CVE-2024-10381CRITICALCVSS 9.8EG 9.8

2024-10-25

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially craft…

CVE-2024-10438HIGHCVSS 7.5EG 7.5

2024-10-28

The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.

CVE-2024-10490HIGHCVSS 8.4EG 0.0

2024-12-02

An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0…

CVE-2024-10924CRITICALCVSS 9.8EG 9.8

2024-11-15

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with…

CWE-288— Authentication Bypass Using an Alternate Path or Channel

CVEs classified under CWE-288page 3 of 11

Map vulnerabilities like CWE-288 to your infrastructure