CWE-288
CWE-288
MITRENo catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 22 of 22- CVE-2026-47200—EPSS 0%8 h ago
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experime
npm - CVE-2026-23760Critical· 9.8KEVEPSS 82%20 h ago
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
- CVE-2026-1603High· 8.6KEVEPSS 59%20 h ago
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
- CVE-2025-4427Medium· 5.3KEVEXPLOITEPSS 91%20 h ago
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
- CVE-2025-24472High· 8.1KEVEPSS 10%20 h ago
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
- CVE-2020-10148Critical· 9.8KEVEPSS 94%20 h ago
SolarWinds Orion Authentication Bypass Vulnerability
- CVE-2024-1709Critical· 10.0KEVEXPLOITEPSS 94%20 h ago
ConnectWise ScreenConnect Authentication Bypass Vulnerability
- CVE-2025-2747Critical· 9.8KEVEPSS 91%20 h ago
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
- CVE-2025-57819Critical· 9.8KEVEXPLOITEPSS 77%20 h ago
Sangoma FreePBX Authentication Bypass Vulnerability
- CVE-2022-40684Critical· 9.8KEVEXPLOITEPSS 94%20 h ago
Fortinet Multiple Products Authentication Bypass Vulnerability
- CVE-2024-55591Critical· 9.8KEVEPSS 94%20 h ago
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
- CVE-2025-34026High· 7.5KEVEPSS 71%20 h ago
Versa Concerto Improper Authentication Vulnerability
- CVE-2023-20269Medium· 5.0KEVEPSS 1%20 h ago
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
- CVE-2026-24858Critical· 9.8KEVEPSS 4%20 h ago
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
- CVE-2023-46747Critical· 9.8KEVEXPLOITEPSS 94%20 h ago
F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
- CVE-2024-27198Critical· 9.8KEVEXPLOITEPSS 93%20 h ago
JetBrains TeamCity Authentication Bypass Vulnerability
- CVE-2023-42793Critical· 9.8KEVEXPLOITEPSS 93%20 h ago
JetBrains TeamCity Authentication Bypass Vulnerability
- CVE-2025-2746Critical· 9.8KEVEPSS 90%20 h ago
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
- CVE-2026-10523Critical· 9.9EPSS 9%3 d ago
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
- CVE-2025-22862Medium· 6.7EPSS 0%4 d ago
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and
- CVE-2026-1618High· 8.8EPSS 0%7 d ago
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
- CVE-2026-5415High· 8.8EPSS 0%7 d ago
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajax_run_to
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.