CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
GHSA-7664-JHG9-7J9C
Vulnerability from github – Published: 2024-06-20 03:30 – Updated: 2024-06-20 03:30The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
{
"affected": [],
"aliases": [
"CVE-2024-5432"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T02:15:11Z",
"severity": "CRITICAL"
},
"details": "The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.",
"id": "GHSA-7664-jhg9-7j9c",
"modified": "2024-06-20T03:30:35Z",
"published": "2024-06-20T03:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5432"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/includes/class-lifeline-donation.php?rev=2575844#L292"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/vendor/webinane/webinane-commerce/includes/Classes/Checkout.php?rev=2490935#L125"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e24da0c-13d2-4a3d-b918-0d28e3341d88?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-76JF-FGC3-37RX
Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-26117"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T18:18:41Z",
"severity": "HIGH"
},
"details": "Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-76jf-fgc3-37rx",
"modified": "2026-03-10T18:31:21Z",
"published": "2026-03-10T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26117"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26117"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-76JX-V26P-5PJG
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:51Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2019-13526"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-30T09:15:00Z",
"severity": "HIGH"
},
"details": "Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code.",
"id": "GHSA-76jx-v26p-5pjg",
"modified": "2024-04-04T01:51:40Z",
"published": "2022-05-24T16:55:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13526"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-239-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77GX-Q4QR-RPGR
Vulnerability from github – Published: 2025-03-24 18:31 – Updated: 2025-03-24 21:30On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the official mobile app that requires a user to physically press on the power button during a connection.
{
"affected": [],
"aliases": [
"CVE-2025-30112"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-24T17:15:21Z",
"severity": "HIGH"
},
"details": "On 70mai Dash Cam 1S devices, by connecting directly to the dashcam\u0027s network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the official mobile app that requires a user to physically press on the power button during a connection.",
"id": "GHSA-77gx-q4qr-rpgr",
"modified": "2025-03-24T21:30:33Z",
"published": "2025-03-24T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30112"
},
{
"type": "WEB",
"url": "https://github.com/geo-chen/70mai/blob/main/README.md#finding-1---cve-2025-30112-bypass-device-pairing-of-70mai-dashcam-1s"
},
{
"type": "WEB",
"url": "https://www.70mai.com/cam1s"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-77W2-CRQV-CMV3
Vulnerability from github – Published: 2026-03-29 15:49 – Updated: 2026-04-10 17:28Summary
Feishu Raw card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing
Affected Packages / Versions
- Package:
openclaw - Affected versions:
<= 2026.3.24 - First patched version:
2026.3.25 - Latest published npm version at verification time:
2026.3.24
Details
Feishu raw card sends could previously mint legacy callback payloads that bypassed DM pairing and let unpaired recipients reach callback handling. Commit 81c45976db532324b5a0918a70decc19520dc354 rejects legacy raw-card command payloads so callbacks stay on the normal paired path.
Verified vulnerable on tag v2026.3.24 and fixed on main by commit 81c45976db532324b5a0918a70decc19520dc354.
Fix Commit(s)
81c45976db532324b5a0918a70decc19520dc354
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.3.24"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.28"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35664"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-29T15:49:17Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\nFeishu Raw card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `\u003c= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nFeishu raw card sends could previously mint legacy callback payloads that bypassed DM pairing and let unpaired recipients reach callback handling. Commit `81c45976db532324b5a0918a70decc19520dc354` rejects legacy raw-card command payloads so callbacks stay on the normal paired path.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `81c45976db532324b5a0918a70decc19520dc354`.\n\n## Fix Commit(s)\n\n- `81c45976db532324b5a0918a70decc19520dc354`",
"id": "GHSA-77w2-crqv-cmv3",
"modified": "2026-04-10T17:28:25Z",
"published": "2026-03-29T15:49:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-77w2-crqv-cmv3"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/81c45976db532324b5a0918a70decc19520dc354"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing"
}
GHSA-78JM-3RG9-QVXQ
Vulnerability from github – Published: 2025-05-29 09:31 – Updated: 2025-05-29 09:31In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.
{
"affected": [],
"aliases": [
"CVE-2025-4687"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-29T09:15:27Z",
"severity": "HIGH"
},
"details": "In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.",
"id": "GHSA-78jm-3rg9-qvxq",
"modified": "2025-05-29T09:31:00Z",
"published": "2025-05-29T09:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4687"
},
{
"type": "WEB",
"url": "https://jowin922.medium.com/cve-2025-4687-pre-account-takeover-through-invite-on-teletonika-rms-website-972335378829"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7C29-VR96-55V3
Vulnerability from github – Published: 2025-08-23 06:30 – Updated: 2025-08-23 06:30The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user's identity prior to logging them in as an admin through the simplerwc_woocommerce_order_created() function. This makes it possible for unauthenticated attackers to log in as other users based on their order ID, which can be an administrator if a site admin has placed a test order.
{
"affected": [],
"aliases": [
"CVE-2025-7642"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-23T05:15:32Z",
"severity": "CRITICAL"
},
"details": "The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user\u0027s identity prior to logging them in as an admin through the simplerwc_woocommerce_order_created() function. This makes it possible for unauthenticated attackers to log in as other users based on their order ID, which can be an administrator if a site admin has placed a test order.",
"id": "GHSA-7c29-vr96-55v3",
"modified": "2025-08-23T06:30:20Z",
"published": "2025-08-23T06:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7642"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/simpler-checkout/tags/1.1.9/includes/hooks.php#L7"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02cf0e1a-bd12-44b1-9bc5-1a5ec332b000?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7C8C-X5XP-8WGJ
Vulnerability from github – Published: 2024-08-22 12:30 – Updated: 2024-08-22 12:30IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.
{
"affected": [],
"aliases": [
"CVE-2024-35151"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-22T11:15:13Z",
"severity": "MODERATE"
},
"details": "IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.",
"id": "GHSA-7c8c-x5xp-8wgj",
"modified": "2024-08-22T12:30:27Z",
"published": "2024-08-22T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35151"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/292638"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7165959"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7C8F-5R89-MJGX
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2025-10-22 00:32The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
{
"affected": [],
"aliases": [
"CVE-2020-10148"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-288",
"CWE-306"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-29T22:15:00Z",
"severity": "CRITICAL"
},
"details": "The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.",
"id": "GHSA-7c8f-5r89-mjgx",
"modified": "2025-10-22T00:32:01Z",
"published": "2022-05-24T17:37:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10148"
},
{
"type": "WEB",
"url": "https://kb.cert.org/vuls/id/843464"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10148"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/843464"
},
{
"type": "WEB",
"url": "https://www.solarwinds.com/securityadvisory"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7CQG-GQ5X-QR9Q
Vulnerability from github – Published: 2026-07-01 06:31 – Updated: 2026-07-01 12:31In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01811421; Issue ID: MSV-6788.
{
"affected": [],
"aliases": [
"CVE-2026-20460"
],
"database_specific": {
"cwe_ids": [
"CWE-288"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T04:17:15Z",
"severity": "MODERATE"
},
"details": "In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01811421; Issue ID: MSV-6788.",
"id": "GHSA-7cqg-gq5x-qr9q",
"modified": "2026-07-01T12:31:34Z",
"published": "2026-07-01T06:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20460"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.