CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
GHSA-4R4R-4JP4-WWF9
Vulnerability from github – Published: 2026-02-24 18:31 – Updated: 2026-02-26 15:45FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can bypass JWT authentication by spoofing the Referer header to match the server's host. Successful exploitation allows the attacker to access the protected /api/runscript endpoint and execute arbitrary Node.js code on the server.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@frangoteam/fuxa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-69985"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-26T15:45:40Z",
"nvd_published_at": "2026-02-24T16:24:07Z",
"severity": "CRITICAL"
},
"details": "FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP \"Referer\" header to validate internal requests. A remote unauthenticated attacker can bypass JWT authentication by spoofing the Referer header to match the server\u0027s host. Successful exploitation allows the attacker to access the protected /api/runscript endpoint and execute arbitrary Node.js code on the server.",
"id": "GHSA-4r4r-4jp4-wwf9",
"modified": "2026-02-26T15:45:40Z",
"published": "2026-02-24T18:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69985"
},
{
"type": "WEB",
"url": "https://gist.github.com/lihy10/8cb2dd65ebf1385f12a7e00e25a50d40"
},
{
"type": "PACKAGE",
"url": "https://github.com/frangoteam/FUXA"
},
{
"type": "WEB",
"url": "https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "FUXA has JWT Authentication Bypass via HTTP Referer header spoofing"
}
GHSA-4V3G-G84W-HV7R
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2024-04-18 17:05In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.0.M9"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0.M1"
},
{
"fixed": "9.0.0.M10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.5.4"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.36"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0RC1"
},
{
"fixed": "8.0.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.0.70"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.72"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.45"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:jasper"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.47"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.0.M9"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0.M1"
},
{
"fixed": "9.0.0.M10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.5.4"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.36"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0RC1"
},
{
"fixed": "8.0.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 7.0.70"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.72"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.45"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-jasper"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.47"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-5018"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-06T19:43:40Z",
"nvd_published_at": "2017-08-10T16:29:00Z",
"severity": "CRITICAL"
},
"details": "In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
"id": "GHSA-4v3g-g84w-hv7r",
"modified": "2024-04-18T17:05:59Z",
"published": "2022-05-13T01:02:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/648122fef84d3b43223e0b5ae668f84719dada0a"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/890a2f681ed2f3461b27983d7da9737375ff2ae4"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/a6b1ebc246b91b854237e5aad3dfd2b5460ea282"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e%40%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e@%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4557-1"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20161125134649/http://www.securityfocus.com/bid/93942"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20170908024318/http://www.securitytracker.com/id/1037142"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20171012232225/http://www.securitytracker.com/id/1038757"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1548"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1549"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1550"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1552"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2247"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://github.com/search?q=repo%3Aapache%2Ftomcat+jasper.runtime+path%3A%2F%5Eres%5C%2Fbnd%5C%2F%2F\u0026type=code"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1551.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3720"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat"
}
GHSA-4V98-7R2C-MXG7
Vulnerability from github – Published: 2026-05-01 12:30 – Updated: 2026-05-01 12:30The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before processing it. When the parameter is supplied as an array, PHP's empty() check is bypassed and sanitize_key() returns an empty string, which is then passed as the meta_value to get_users(). WordPress ignores an empty meta_value and returns all users matching the meta_key '_temporary_login_token', allowing authentication without a valid token. This makes it possible for unauthenticated attackers to authenticate as any active temporary login user by sending a single crafted GET request.
{
"affected": [],
"aliases": [
"CVE-2026-7567"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-01T10:15:58Z",
"severity": "CRITICAL"
},
"details": "The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the \u0027temp-login-token\u0027 GET parameter is a scalar string before processing it. When the parameter is supplied as an array, PHP\u0027s empty() check is bypassed and sanitize_key() returns an empty string, which is then passed as the meta_value to get_users(). WordPress ignores an empty meta_value and returns all users matching the meta_key \u0027_temporary_login_token\u0027, allowing authentication without a valid token. This makes it possible for unauthenticated attackers to authenticate as any active temporary login user by sending a single crafted GET request.",
"id": "GHSA-4v98-7r2c-mxg7",
"modified": "2026-05-01T12:30:24Z",
"published": "2026-05-01T12:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7567"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/temporary-login/tags/1.0.0/core/admin.php#L135"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/temporary-login/tags/1.0.0/core/admin.php#L179"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/temporary-login/tags/1.0.0/core/options.php#L157"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/temporary-login/trunk/core/admin.php#L135"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/temporary-login/trunk/core/admin.php#L179"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/temporary-login/trunk/core/options.php#L157"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f97c669b-86c1-4873-a050-76972f494099?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4W36-8Q8W-R4JP
Vulnerability from github – Published: 2023-06-07 03:30 – Updated: 2024-04-04 04:37The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account.
{
"affected": [],
"aliases": [
"CVE-2020-36713"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-07T02:15:11Z",
"severity": "CRITICAL"
},
"details": "The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the \u0027register\u0027 and \u0027update_user_profile\u0027 routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account.",
"id": "GHSA-4w36-8q8w-r4jp",
"modified": "2024-04-04T04:37:33Z",
"published": "2023-06-07T03:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36713"
},
{
"type": "WEB",
"url": "https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-mstore-api-plugin"
},
{
"type": "WEB",
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-mstore-api-security-bypass-2-1-5"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1d?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4W54-WWC9-X62C
Vulnerability from github – Published: 2024-06-03 06:30 – Updated: 2024-07-05 21:22Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.silverpeas.core:silverpeas-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.3.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-36042"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-04T18:06:25Z",
"nvd_published_at": "2024-06-03T06:15:09Z",
"severity": "CRITICAL"
},
"details": "Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.",
"id": "GHSA-4w54-wwc9-x62c",
"modified": "2024-07-05T21:22:25Z",
"published": "2024-06-03T06:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36042"
},
{
"type": "WEB",
"url": "https://github.com/Silverpeas/Silverpeas-Core/commit/11fb5e21c252ce4751b85fccf5b8076156e0b4f0"
},
{
"type": "WEB",
"url": "https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d"
},
{
"type": "PACKAGE",
"url": "https://github.com/Silverpeas/Silverpeas-Core"
},
{
"type": "WEB",
"url": "https://github.com/Silverpeas/Silverpeas-Core/tags"
},
{
"type": "WEB",
"url": "https://silverpeas.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Silverpeas authentication bypass"
}
GHSA-4WX7-2HFW-HHFF
Vulnerability from github – Published: 2026-04-06 15:31 – Updated: 2026-04-07 15:30An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources.
{
"affected": [],
"aliases": [
"CVE-2026-31151"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-06T15:17:09Z",
"severity": "CRITICAL"
},
"details": "An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application \u0027s resources.",
"id": "GHSA-4wx7-2hfw-hhff",
"modified": "2026-04-07T15:30:42Z",
"published": "2026-04-06T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31151"
},
{
"type": "WEB",
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2026-31151"
},
{
"type": "WEB",
"url": "https://kaleris.com/solutions/yard-management"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4X43-FWGV-CQ8J
Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2024-04-04 08:55A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.
{
"affected": [],
"aliases": [
"CVE-2023-39930"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-25T18:17:29Z",
"severity": "CRITICAL"
},
"details": "A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.",
"id": "GHSA-4x43-fwgv-cq8j",
"modified": "2024-04-04T08:55:05Z",
"published": "2023-10-25T18:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39930"
},
{
"type": "WEB",
"url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn"
},
{
"type": "WEB",
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4X6F-959M-MVMQ
Vulnerability from github – Published: 2026-05-27 12:31 – Updated: 2026-05-27 12:31Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types (Remove comments): from n/a through <= 1.3.0.
{
"affected": [],
"aliases": [
"CVE-2026-42749"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T11:16:21Z",
"severity": "HIGH"
},
"details": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types (Remove comments): from n/a through \u003c= 1.3.0.",
"id": "GHSA-4x6f-959m-mvmq",
"modified": "2026-05-27T12:31:23Z",
"published": "2026-05-27T12:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42749"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/comments-plus/vulnerability/wordpress-disable-comments-for-any-post-types-remove-comments-plugin-1-3-0-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4XFP-FCW8-3Q4P
Vulnerability from github – Published: 2024-06-04 03:30 – Updated: 2024-06-04 03:30The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
{
"affected": [],
"aliases": [
"CVE-2024-4552"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-04T02:15:49Z",
"severity": "CRITICAL"
},
"details": "The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.",
"id": "GHSA-4xfp-fcw8-3q4p",
"modified": "2024-06-04T03:30:45Z",
"published": "2024-06-04T03:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4552"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/social-login-lite-for-woocommerce/tags/1.6.0/woocommerce_social_login.php#L499"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f91d6ad6-82fc-4507-90e2-aedfff26bac5?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-532H-WP9V-FJXQ
Vulnerability from github – Published: 2025-04-18 15:31 – Updated: 2025-04-18 15:31An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions.
Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.
{
"affected": [],
"aliases": [
"CVE-2025-2492"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-18T09:15:13Z",
"severity": "CRITICAL"
},
"details": "An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions.\n\n\nRefer to the \u0027ASUS Router AiCloud vulnerability\u0027 section on the ASUS Security Advisory for more information.",
"id": "GHSA-532h-wp9v-fjxq",
"modified": "2025-04-18T15:31:38Z",
"published": "2025-04-18T15:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2492"
},
{
"type": "WEB",
"url": "https://www.asus.com/content/asus-product-security-advisory"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.