CWE-288: CWE-288

Total CVEs: 236
Critical: 130
High: 74
Avg CVSS: 8.7
In CISA KEV: 7

Yearly Trend

2026: 29
2025: 117
2024: 61
2023: 11
2022: 11

Top Affected Vendors

1. Ping Identity: 6
2. Fortinet: 5
3. IBM: 5
4. JetBrains: 4
5. Mozilla: 4
6. Apache: 4
7. Ivanti: 4
8. miniOrange: 4
9. AutomationDirect: 3
10. Google: 3

All CWE-288 CVEs (236)

CVE-2025-24332
7.1

This vulnerability allows authenticated administrative users on Nokia Single RAN AirScale baseband systems to access all physical boards after a singl...

Jul 2, 2025
CVE-2025-40581
7.1

This vulnerability allows local attackers to bypass authentication on Siemens SCALANCE LPE9403 devices with SINEMA Remote Connect Edge Client installe...

May 13, 2025
CVE-2025-30112
7.1

This vulnerability allows attackers to bypass the physical button pairing requirement on 70mai Dash Cam 1S devices by directly connecting to the devic...

Mar 24, 2025
CVE-2025-1739
7.1

An authentication bypass vulnerability in Trivision Camera NC227WF v5.8.0 allows attackers to retrieve administrator credentials in cleartext by sendi...

Feb 27, 2025
CVE-2025-11984
6.8

This vulnerability allows authenticated users to bypass WebAuthn two-factor authentication in GitLab by manipulating session state. It affects GitLab ...

Dec 11, 2025
CVE-2025-59392
6.8

This vulnerability allows physical attackers to reset the admin password on Elspec G5 devices by inserting a USB drive with a specific reset string. I...

Nov 6, 2025
CVE-2025-0549
6.8

This vulnerability allows attackers to bypass Device OAuth flow protections in GitLab, enabling unauthorized authorization form submissions with minim...

May 9, 2025
CVE-2025-22862
6.7

This CVE describes an authentication bypass vulnerability in FortiOS and FortiProxy that allows authenticated attackers to elevate privileges via mali...

Oct 2, 2025
CVE-2026-0948
6.5

This CVE describes an authentication bypass vulnerability in Drupal's Microsoft Entra ID SSO Login module that allows attackers to access privileged f...

Feb 4, 2026
CVE-2025-14714
6.5

This CVE describes an authentication bypass vulnerability in LibreOffice on macOS where the bundled Python interpreter inherits the main application's...

Dec 15, 2025
CVE-2025-12445
6.5

A policy bypass vulnerability in Google Chrome extensions allows malicious extensions to leak cross-origin data. Attackers can exploit this by convinc...

Nov 10, 2025
CVE-2025-12431
6.5

This vulnerability allows attackers to bypass Chrome's navigation restrictions by tricking users into installing a malicious extension. It affects all...

Nov 10, 2025
CVE-2024-35151
6.5

IBM OpenPages with Watson versions 8.3 and 9.0 contain an improper authorization vulnerability in APIs that allows authenticated users to access sensi...

Aug 22, 2024
CVE-2024-5620
6.5

This CVE describes an authentication bypass vulnerability in PruvaSoft Informatics Apinizer Management Console that allows attackers to access protect...

Jul 18, 2024
CVE-2025-13013
6.1

This CVE describes a mitigation bypass vulnerability in the DOM: Core & HTML component of Mozilla products. It allows attackers to bypass security mit...

Nov 11, 2025
CVE-2025-67282
5.4

Multiple authorization bypass vulnerabilities in TIM BPM Suite/TIM FLOW allow low-privileged users to access sensitive data and modify restricted cont...

Jan 9, 2026
CVE-2025-66200
5.4

This vulnerability allows users with htaccess file access to bypass mod_userdir+suexec restrictions via the RequestHeader directive, potentially causi...

Dec 5, 2025
CVE-2025-12760
5.4

This vulnerability allows attackers to bypass two-factor authentication (2FA) in Drupal's Email TFA module, potentially gaining unauthorized access to...

Nov 18, 2025
CVE-2025-10531
5.4

This CVE describes a mitigation bypass vulnerability in the Web Compatibility: Tooling component of Firefox and Thunderbird. Attackers could potential...

Sep 16, 2025
CVE-2025-55623
5.4

This vulnerability allows attackers to bypass the lock screen authentication on Reolink mobile apps by exploiting Android Debug Bridge (ADB) access. I...

Aug 22, 2025
CVE-2025-13980
5.3

This vulnerability allows attackers to bypass authentication mechanisms in Drupal CKEditor 5 Premium Features, potentially gaining unauthorized access...

Jan 28, 2026
CVE-2025-3652
5.3

The Petlibro Smart Pet Feeder Platform contains an information disclosure vulnerability that allows attackers to access private audio recordings of ot...

Jan 4, 2026
CVE-2025-58133
5.3

An authentication bypass vulnerability in Zoom Rooms Clients allows unauthenticated attackers to access sensitive information via network access. This...

Oct 15, 2025
CVE-2024-33939
5.3

This vulnerability allows unauthenticated attackers to access course progress data in Masteriyo LMS WordPress plugin without proper authentication. It...

May 19, 2025
CVE-2025-4427
5.3 (CISA KEV, EPSS 90.8%)

An authentication bypass vulnerability in Ivanti Endpoint Manager Mobile's API allows attackers to access protected resources without valid credential...

May 13, 2025
CVE-2024-50334
5.3

This CVE describes a semicolon path injection vulnerability in Scoold's API endpoint that allows unauthenticated attackers to bypass authentication an...

Oct 29, 2024
CVE-2026-30777
4.9

EC-CUBE contains an MFA bypass vulnerability that allows attackers with valid administrator credentials to circumvent two-factor authentication and ac...

Mar 5, 2026
CVE-2025-6675
4.8

This vulnerability allows attackers to bypass multi-factor authentication in Drupal Enterprise MFA - TFA for Drupal by using an alternate path or chan...

Jun 26, 2025
CVE-2025-48010
4.8

This CVE describes an authentication bypass vulnerability in the Drupal One Time Password module that allows attackers to bypass functionality by usin...

May 21, 2025
CVE-2024-38279
4.6

This vulnerability allows attackers to bypass authentication by modifying bootloader arguments, gaining access to the file system and password hashes....

Jun 13, 2024
CVE-2026-1747
4.3

This vulnerability allows Developer-role users in GitLab EE to make unauthorized modifications to protected Conan packages when they lack proper permi...

Feb 25, 2026
CVE-2025-9914
4.3

This vulnerability allows attackers to use stored user credentials from the local database to gain unauthorized access to affected systems. It affects...

Oct 6, 2025
CVE-2024-51464
4.3

This vulnerability allows authenticated IBM i users to bypass interface restrictions in Navigator for i by sending specially crafted requests. Attacke...

Dec 21, 2024
CVE-2025-13986
4.2

This vulnerability allows attackers to bypass authentication in Drupal sites using the Disable Login Page module by exploiting an alternate path or ch...

Jan 28, 2026
CVE-2026-2540
N/A

The Micca KE700 vehicle alarm system contains a cryptographic flaw that allows replay attacks. Attackers can capture and replay rolling codes to clone...

Feb 15, 2026
CVE-2025-10538
N/A

An authentication bypass vulnerability in LG Innotek LND7210 and LNV7210R cameras allows attackers to access camera information including user account...

Oct 1, 2025

About CWE-288 (CWE-288)

Our database tracks 236 CVEs classified as CWE-288, with 130 rated critical and 74 rated high severity. The average CVSS score for CWE-288 vulnerabilities is 8.7.

External reference: View CWE-288 on MITRE CWE →
