Weaknesses of type CWE-288
586 resultsCVE-2020-37255HIGHWordPress Time Capsule Plugin 1.21.16 Authentication BypassEPSS 0.4%CVE-2025-54725CRITICALWordPress Golo Theme <= 1.7.0 - Broken Authentication VulnerabilityEPSS 0.4%CVE-2025-54738CRITICALWordPress Jobmonster Theme <= 4.7.9 - Broken Authentication VulnerabilityEPSS 0.4%CVE-2023-34335HIGHAMI BMC contains a vulnerability in the IPMI handler, where an
unauthenticated host is allowed to write to a host SPI flash, bypassing securEPSS 0.4%CVE-2026-5415HIGHWP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login LinkEPSS 0.4%CVE-2025-47244HIGHInedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by cEPSS 0.4%CVE-2026-34581HIGHgoshs has Auth Bypass via Share TokenEPSS 0.4%CVE-2022-3614MEDIUMIn affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication chEPSS 0.4%CVE-2025-9967CRITICALOrion SMS OTP Verification <= 1.1.7 - Authentication Bypass via Account TakeoverEPSS 0.4%CVE-2026-42378MEDIUMWordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerabilityEPSS 0.4%CVE-2020-5384HIGHAuthentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unautheEPSS 0.4%CVE-2025-4687HIGHAccount pre-hijacking through invite misuseEPSS 0.4%CVE-2025-67039CRITICALAn issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific sufEPSS 0.4%CVE-2026-45109HIGHNext.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routesEPSS 0.4%CVE-2026-39450HIGHWordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerabilityEPSS 0.4%CVE-2026-40785HIGHWordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerabilityEPSS 0.4%CVE-2025-7038HIGHLatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step FunctionEPSS 0.4%CVE-2019-5451—Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing thEPSS 0.4%CVE-2025-68895MEDIUMWordPress AhaChat Messenger Marketing plugin <= 1.1 - Broken Authentication vulnerabilityEPSS 0.4%CVE-2026-44574HIGHNext.js: Middleware / Proxy bypass through dynamic route parameter injectionEPSS 0.4%