v.26.4.2314
Authentication Bypass
This page lists 844 vulnerabilities in this category.
Critical: 30
High: 809
Medium: 5
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Joomla! Core 4.x.x Security Bypass (4.0.0 - 4.2.7) | CVE-2023-23752 | CWE-287 | High |
| WordPress Cookies Security Bypass Weakness (1.5 - 2.3.1) | CVE-2007-6013 | CWE-287 | High |
| WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2) | CVE-2009-2854 | CWE-264 | High |
| WordPress 2.8.3 Admin Password Reset Security Bypass Vulnerability (0.6.2 - 2.8.3) | CVE-2009-2762 | CWE-255 | High |
| WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability (0.6.2 - 2.8) | CVE-2009-2334 | CWE-287 | High |
| WordPress 2.9.1 Trashed Posts Security Bypass Vulnerability (2.9 - 2.9.1) | CVE-2010-0682 | CWE-264 | High |
| WordPress 'xmlrpc.php' Remote Security Bypass Vulnerability (3.0.1 - 3.0.2) | CVE-2010-5106 | CWE-264 | High |
| WordPress 'press-this.php' Remote Security Bypass Vulnerability (0.7 - 3.1.1) | CVE-2011-5270 | CWE-264 | High |
| WordPress Anti-CSRF Token Security Bypass Weakness (3.3.1) | CVE-2012-1936 | CWE-352 | High |
| WordPress Possible Security Bypass Vulnerability (0.70 - 4.7.4) | CVE-2017-8295 | CWE-264 | High |
| Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.12) | CVE-2022-25270 | CWE-264 | High |
| Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.20) | CVE-2022-31043 | CWE-284 | High |
| WordPress Plugin Authorize.net Payment Gateway For WooCommerce Security Bypass (2.0) | - | CWE-264 | High |
| Sangfor NGAF Authentication Bypass | - | CWE-287 | High |
| ManageEngine ADSelfService Plus Authentication Bypass (CVE-2021-40539) | CVE-2021-40539 | CWE-287 | High |
| Apache Shiro authentication bypass | CVE-2020-17523 | CWE-287 | High |
| Alibaba Nacos Authentication Bypass (CVE-2021-29441) | CVE-2021-29441 | CWE-287 | High |
| ntopng Authentication Bypass (CVE-2021-28073) | CVE-2021-28073 | CWE-287 | High |
| Unsafe use of Reflection | - | CWE-470 | High |
| Fortinet Authentication bypass on administrative interface | CVE-2022-40684 | CWE-288 | High |
| SolarWinds Orion API Auth bypass (CVE-2020-10148) | CVE-2020-10148 | CWE-287 | High |
| Openfire Path Traversal (CVE-2023-32315) | CVE-2023-32315 | CWE-22 | High |
| Qlik Sense Enterprise Auth Bypass (CVE-2023-41266) | CVE-2023-41266 | CWE-20 | High |
| Strapi Cognito provider Authentication Bypass (CVE-2023-22893) | CVE-2023-22893 | CWE-287 | High |
| Kentico CMS RCE CVE-2017-17736 | CVE-2017-17736 | CWE-425 | High |
| Ivanti EPMM API Authentication bypass (CVE-2023-35078/CVE-2023-35082) | CVE-2023-35082 | CWE-287 | High |
| Case-Insensitive Routing Bypass in Express.js Application | - | CWE-287 | High |
| SAML Response without signature | - | CWE-347 | High |
| No SAML Response signature check | - | CWE-347 | High |
| SAML Response signature exclusion | - | CWE-347 | High |
| WooCommerce Payments Authentication Bypass and Privilege Escalation | CVE-2023-28121 | CWE-287 | High |
| Grafana Snapshot Authentication Bypass (CVE-2021-39226) | CVE-2021-39226 | CWE-287 | High |
| Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) | CVE-2023-46805 | CWE-287 | High |
| Securepoint UTM (CVE-2023-22620, CVE-2023-22897) | CVE-2023-22897 | CWE-863 | High |
| TeamCity Authentication Bypass (CVE-2024-27199) | CVE-2024-27199 | CWE-288 | High |
| AppWeb Authentication Bypass (CVE-2018-8715) | CVE-2018-8715 | CWE-287 | High |
| Oracle Business Intelligence AuthBypass CVE-2019-2768 | CVE-2019-2768 | CWE-200 | High |
| Unauthenticated Access to Sensitive Functions | - | CWE-306 | High |
| HTTP verb tampering via POST | - | CWE-285 | High |
| Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815 | CWE-288 | High |
| Akeeba backup access control bypass | - | CWE-287 | High |
| Adobe ColdFusion 9 administrative login bypass | CVE-2013-0632 | CWE-287 | High |
| Security update: Hotfix available for ColdFusion | CVE-2013-0632 | CWE-287 | High |
| WordPress plugin Custom Contact Forms critical vulnerability | - | CWE-287 | High |
| DotNetNuke multiple vulnerabilities | CVE-2012-1030 | CWE-79 | High |
| Ektron CMS Account Hijack | - | CWE-288 | High |
| Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability | CVE-2011-0807 | CWE-287 | High |
| Method Tampering | - | CWE-285 | High |
| JAAS authentication bypass | - | CWE-693 | High |
| Oracle WebLogic Authentication Bypass | CVE-2018-2894 | CWE-287 | High |
| JSP authentication bypass | - | CWE-287 | High |
| Security vulnerability in MySQL/MariaDB sql/password.c | CVE-2012-2122 | CWE-287 | High |
| Misfortune Cookie vulnerability | CVE-2014-9222 | CWE-119 | High |
| Rails Devise authentication password reset | CVE-2013-0233 | CWE-287 | High |
| X-Forwarded-For HTTP header security bypass | - | CWE-287 | High |
| Liferay JSON service API authentication vulnerability | - | CWE-287 | High |
| MediaWiki multiple remote vulnerabilities | CVE-2012-4378 | CWE-79 | High |
| Joomla! Core Security Bypass | CVE-2017-11364 | - | High |
| Spring Security Authentication Bypass | CVE-2016-5007 | CWE-287 | High |
| Ektron CMS authentication bypass | CVE-2018-12596 | CWE-285 | High |
| ColdFusion PMS Arbitrary File Read (CVE-2024-20767) | CVE-2024-20767 | CWE-284 | High |
| JWT Signature is not Verified | - | CWE-287 | High |
| Drupal Core 9.2.x Multiple Security Bypass Vulnerabilities (9.2.0 - 9.2.5) | CVE-2020-13677 | CWE-284 | High |
| Drupal Core 8.9.0 Security Bypass (8.9.0) | CVE-2020-13665 | CWE-264 | High |
| Drupal Core 8.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.3.6) | CVE-2017-6925 | CWE-264 | High |
| Drupal Core 8.x Security Bypass (8.0.0 - 8.2.7) | CVE-2017-6919 | CWE-264 | High |
| Drupal Core 8.x Security Bypass (8.0.0 - 8.5.5) | CVE-2018-14773 | CWE-749 | High |
| Drupal Core 8.7.4 Security Bypass (8.7.4) | CVE-2019-6342 | CWE-264 | High |
| Drupal Core 7.x Security Bypass (7.0 - 7.68) | - | CWE-264 | High |
| Drupal Core 8.7.x Security Bypass (8.7.0 - 8.7.10) | - | CWE-264 | High |
| Drupal Core 8.8.0 Security Bypass (8.8.0) | - | CWE-264 | High |
| Drupal Core 8.8.x Security Bypass (8.8.0 - 8.8.9) | CVE-2020-13667 | CWE-264 | High |
| Drupal Core 8.8.x Security Bypass (8.8.0 - 8.8.7) | CVE-2020-13665 | CWE-264 | High |
| Drupal Core 8.9.x Security Bypass (8.9.0 - 8.9.5) | CVE-2020-13667 | CWE-264 | High |
| Drupal Core 7.x Security Bypass (7.0 - 7.55) | CVE-2017-6922 | CWE-264 | High |