CWE-288: CWE-288
Yearly Trend
Top Affected Vendors
All CWE-288 CVEs (235)
CVE-2024-7314 is an authentication bypass vulnerability in anji-plus AJ-Report that allows unauthenticated attackers to execute arbitrary Java code on...
Aug 2, 2024CVE-2024-7007 is an authentication bypass vulnerability in Positron Broadcast Signal Processor TRA7005 v1.20 that allows attackers to access protected...
Jul 25, 2024This CVE describes an authentication bypass vulnerability in D-Link devices that allows attackers to access administrative functions without valid cre...
Jul 21, 2024This critical vulnerability in JLINK AX1800 routers allows remote attackers to bypass authentication and execute arbitrary code on affected devices. A...
Jun 17, 2024CVE-2024-2055 is an authentication bypass vulnerability in Artica Proxy's Rich Filemanager feature that allows unauthenticated attackers to access the...
Mar 5, 2024CVE-2024-27198 is an authentication bypass vulnerability in JetBrains TeamCity CI/CD servers that allows unauthenticated attackers to perform administ...
Mar 4, 2024This critical vulnerability in JetBrains TeamCity allows attackers to bypass authentication mechanisms and achieve remote code execution (RCE) on affe...
Feb 6, 2024CVE-2023-42793 is a critical authentication bypass vulnerability in JetBrains TeamCity CI/CD servers that allows unauthenticated attackers to execute ...
Sep 19, 2023This CVE describes an authentication bypass vulnerability in Yepas Digital Yepas software, allowing attackers to gain unauthorized access without vali...
Sep 14, 2023CVE-2022-35869 is an authentication bypass vulnerability in Inductive Automation Ignition that allows remote attackers to access protected functionali...
Jul 25, 2022An authentication bypass vulnerability in Lenovo Fan Power Controller2 (FPC2) and System Management Module (SMM) firmware allows unauthenticated attac...
Apr 22, 2022This vulnerability in Automation Direct CLICK PLC CPU Modules allows unauthorized attackers to read PLC projects when an authorized user has unlocked ...
Apr 4, 2022This vulnerability in Automation Direct CLICK PLC CPU Modules allows unauthorized programming access after an authorized session is interrupted. The P...
Apr 4, 2022This vulnerability in Automation Direct CLICK PLC CPU Modules allows attackers to establish unauthorized programming connections to the PLC even when ...
Apr 4, 2022CVE-2022-24047 is an authentication bypass vulnerability in BMC Track-It! that allows remote attackers to access protected functionality without crede...
Feb 18, 2022An authentication bypass vulnerability in Anker Eufy Homebase 2 allows attackers to gain elevated privileges without valid credentials by sending spec...
Dec 22, 2021ECOA BAS controller has an authentication bypass vulnerability where unauthenticated attackers can manipulate cookies to bypass authentication. This a...
Sep 30, 2021CVE-2020-10148 is an authentication bypass vulnerability in SolarWinds Orion API that allows remote attackers to execute arbitrary API commands withou...
Dec 29, 2020CVE-2025-10571 is an authentication bypass vulnerability in ABB Ability Edgenius that allows attackers to access protected functionality without valid...
Nov 20, 2025CVE-2023-6718 is an authentication bypass vulnerability in Repox that allows remote attackers to create or modify user accounts without authentication...
Dec 13, 2023Signal K Server versions before 2.19.0 allow unauthenticated attackers to steal JWT authentication tokens through two chained vulnerabilities: unauthe...
Jan 1, 2026CVE-2025-15102 is a password protection bypass vulnerability in Delta Electronics DVP-12SE11T PLC modules. Attackers can bypass authentication mechani...
Dec 30, 2025This vulnerability in Quarkus's WebAuthn module allows attackers to bypass authentication by accessing default REST endpoints that remain active even ...
May 6, 2025This vulnerability allows remote attackers to bypass authentication on IBM FlashSystem RPCAdapter endpoints by sending specially crafted HTTP requests...
Feb 28, 2025This vulnerability allows unauthenticated attackers to access two sensitive web pages on affected Sharp and Toshiba multifunction printers. Attackers ...
Nov 26, 2024This authentication bypass vulnerability in Sharp and Toshiba Tec multifunction printers allows attackers to bypass HTTP authentication mechanisms and...
Oct 25, 2024CVE-2024-28200 is an authentication bypass vulnerability in N-central server that allows attackers to access the user interface without valid credenti...
Jul 1, 2024This vulnerability allows attackers to bypass file extension validation in XLANG OpenAgents by uploading files with incorrect extensions that don't ma...
May 6, 2024This vulnerability allows attackers to bypass authentication mechanisms in Dover Fueling Solutions MAGLINK LX Web Console Configuration, potentially g...
Sep 11, 2023CVE-2021-43985 allows an unauthenticated remote attacker to access mySCADA myPRO systems without authentication or authorization, potentially leading ...
Dec 23, 2021This vulnerability allows attackers to bypass authentication in the Miraculous Elementor WordPress plugin, potentially gaining unauthorized access to ...
Feb 20, 2026This authentication bypass vulnerability in Universal Software Inc.'s FlexCity/Kiosk software allows attackers to gain unauthorized access and escalat...
Feb 13, 2026An authentication bypass vulnerability in Tongyu AX1800 Wi-Fi 6 Router firmware allows attackers on the same network to perform administrative actions...
Jan 13, 2026This vulnerability allows attackers to bypass authentication in the WPExperts Post SMTP WordPress plugin, potentially gaining unauthorized access to a...
Aug 7, 2025This vulnerability allows authenticated attackers with Subscriber-level access or higher to change arbitrary users' email addresses in the Nokri WordP...
Jul 12, 2025This vulnerability allows attackers to bypass authentication in the WP SmartPay WordPress plugin, potentially gaining unauthorized access to user acco...
Jun 27, 2025This vulnerability allows attackers within Bluetooth range to bypass authentication on Sony XAV-AX8500 in-car entertainment systems. The flaw exists i...
Jun 21, 2025The Browse As WordPress plugin up to version 0.2 contains an authentication bypass vulnerability that allows authenticated attackers with subscriber-l...
May 30, 2025This vulnerability allows attackers to bypass authentication in the mediaticus Subaccounts for WooCommerce WordPress plugin, enabling unauthorized acc...
May 23, 2025This CVE describes an authentication bypass vulnerability in the Vitepos WordPress plugin that allows attackers to gain unauthorized access without va...
Apr 1, 2025This vulnerability allows authenticated attackers with student-level access or higher in the School Management System for WordPress plugin to change a...
Mar 7, 2025The User Toolkit WordPress plugin up to version 1.2.3 contains an authentication bypass vulnerability that allows authenticated attackers with subscri...
Oct 26, 2024This vulnerability allows attackers to bypass authentication in the iBryl Switch User WordPress plugin, potentially gaining unauthorized access to use...
Oct 23, 2024The Rover IDX WordPress plugin has an authentication bypass vulnerability that allows authenticated attackers with subscriber-level permissions or hig...
Oct 22, 2024The WP Users Masquerade WordPress plugin has an authentication bypass vulnerability that allows authenticated attackers with subscriber-level permissi...
Oct 10, 2024This vulnerability allows network-adjacent attackers to bypass authentication on NETGEAR R7000 routers by exploiting a flaw in SOAP request processing...
Jan 13, 2022An authentication bypass vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to access stored credential data. This affec...
Feb 10, 2026CVE-2025-61673 is an authentication bypass vulnerability in Karapace versions 5.0.0 and 5.0.1 when configured with OAuth 2.0 Bearer Token authenticati...
Oct 3, 2025CVE-2025-10653 exposes an unauthenticated debug port on affected devices, allowing attackers to access the device's file system without credentials. T...
Oct 2, 2025This vulnerability allows attackers to bypass authentication on Siemens SINUMERIK CNC systems' VNC access service due to insufficient password verific...
Aug 12, 2025About CWE-288 (CWE-288)
Our database tracks 235 CVEs classified as CWE-288, with 130 rated critical and 73 rated high severity. The average CVSS score for CWE-288 vulnerabilities is 8.7.
External reference: View CWE-288 on MITRE CWE →
Monitor CWE-288 Vulnerabilities
Get alerted when new CWE-288 CVEs affect your infrastructure.
Start Monitoring Free