Authentication Bypass
This page lists 839 vulnerabilities in this category.
Critical: 26
High: 808
Medium: 5
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| WordPress 2.9.1 Trashed Posts Security Bypass Vulnerability (2.9 - 2.9.1) | CVE-2010-0682 | CWE-264 | High |
| WordPress 'xmlrpc.php' Remote Security Bypass Vulnerability (3.0.1 - 3.0.2) | CVE-2010-5106 | CWE-264 | High |
| WordPress 'press-this.php' Remote Security Bypass Vulnerability (0.7 - 3.1.1) | CVE-2011-5270 | CWE-264 | High |
| WordPress Anti-CSRF Token Security Bypass Weakness (3.3.1) | CVE-2012-1936 | CWE-352 | High |
| WordPress Possible Security Bypass Vulnerability (0.70 - 4.7.4) | CVE-2017-8295 | CWE-264 | High |
| WordPress Plugin Peter's Math Anti-Spam Audio CAPTCHA Security Bypass (0.1.6) | CVE-2008-7216 | CWE-264 | High |
| Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.15) | CVE-2022-24775 | CWE-20 | High |
| Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.17) | CVE-2022-25273 | CWE-20 | High |
| WordPress Plugin Duo Two-Factor Authentication Security Bypass (1.8.1) | - | CWE-592 | High |
| Openfire Path Traversal (CVE-2023-32315) | CVE-2023-32315 | CWE-22 | High |
| Kentico CMS RCE CVE-2017-17736 | CVE-2017-17736 | CWE-425 | High |
| AppWeb Authentication Bypass (CVE-2018-8715) | CVE-2018-8715 | CWE-287 | High |
| ManageEngine ADSelfService Plus Authentication Bypass (CVE-2021-40539) | CVE-2021-40539 | CWE-287 | High |
| Apache Shiro authentication bypass | CVE-2020-17523 | CWE-287 | High |
| Alibaba Nacos Authentication Bypass (CVE-2021-29441) | CVE-2021-29441 | CWE-287 | High |
| ntopng Authentication Bypass (CVE-2021-28073) | CVE-2021-28073 | CWE-287 | High |
| Unsafe use of Reflection | - | CWE-470 | High |
| Fortinet Authentication bypass on administrative interface | CVE-2022-40684 | CWE-288 | High |
| SolarWinds Orion API Auth bypass (CVE-2020-10148) | CVE-2020-10148 | CWE-287 | High |
| Qlik Sense Enterprise Auth Bypass (CVE-2023-41266) | CVE-2023-41266 | CWE-20 | High |
| Oracle WebLogic Authentication Bypass | CVE-2018-2894 | CWE-287 | High |
| Sangfor NGAF Authentication Bypass | - | CWE-287 | High |
| Strapi Cognito provider Authentication Bypass (CVE-2023-22893) | CVE-2023-22893 | CWE-287 | High |
| Ivanti EPMM API Authentication bypass (CVE-2023-35078/CVE-2023-35082) | CVE-2023-35082 | CWE-287 | High |
| Case-Insensitive Routing Bypass in Express.js Application | - | CWE-287 | High |
| WooCommerce Payments Authentication Bypass and Privilege Escalation | CVE-2023-28121 | CWE-287 | High |
| Grafana Snapshot Authentication Bypass (CVE-2021-39226) | CVE-2021-39226 | CWE-287 | High |
| Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) | CVE-2023-46805 | CWE-287 | High |
| Securepoint UTM (CVE-2023-22620, CVE-2023-22897) | CVE-2023-22897 | CWE-863 | High |
| TeamCity Authentication Bypass (CVE-2024-27199) | CVE-2024-27199 | CWE-288 | High |
| ColdFusion PMS Arbitrary File Read (CVE-2024-20767) | CVE-2024-20767 | CWE-284 | High |
| Oracle Business Intelligence AuthBypass CVE-2019-2768 | CVE-2019-2768 | CWE-200 | High |
| Ektron CMS authentication bypass | CVE-2018-12596 | CWE-285 | High |
| JWT Signature is not Verified | - | CWE-287 | High |
| Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability | CVE-2011-0807 | CWE-287 | High |
| Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815 | CWE-264 | High |
| Akeeba backup access control bypass | - | CWE-287 | High |
| Apache Tomcat version older than 6.0.35 | CVE-2012-0022 | CWE-264 | High |
| Apache Tomcat version older than 7.0.21 | CVE-2011-3190 | CWE-264 | High |
| Adobe ColdFusion 9 administrative login bypass | CVE-2013-0632 | CWE-287 | High |
| Security update: Hotfix available for ColdFusion | CVE-2013-0632 | CWE-255 | High |
| WordPress plugin Custom Contact Forms critical vulnerability | - | CWE-287 | High |
| DotNetNuke multiple vulnerabilities | CVE-2012-1030 | CWE-79 | High |
| Ektron CMS Account Hijack | - | CWE-264 | High |
| Method Tampering | - | CWE-285 | High |
| Spring Security Authentication Bypass | CVE-2016-5007 | CWE-287 | High |
| HTTP verb tampering via POST | - | CWE-285 | High |
| JAAS authentication bypass | - | CWE-693 | High |
| JSP authentication bypass | - | CWE-287 | High |
| Security vulnerability in MySQL/MariaDB sql/password.c | CVE-2012-2122 | CWE-287 | High |
| Misfortune Cookie vulnerability | CVE-2014-9222 | CWE-119 | High |
| Rails Devise authentication password reset | CVE-2013-0233 | CWE-287 | High |
| X-Forwarded-For HTTP header security bypass | - | CWE-287 | High |
| Liferay JSON service API authentication vulnerability | - | CWE-287 | High |
| MediaWiki multiple remote vulnerabilities | CVE-2012-4378 | CWE-79 | High |
| Joomla! Core Security Bypass | CVE-2017-11364 | CWE-264 | High |
| Unauthenticated Access to Sensitive Functions | - | CWE-306 | High |
| JWT Signature Bypass via unvalidated jku parameter | - | CWE-287 | High |
| Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.20) | CVE-2022-31043 | CWE-284 | High |
| Drupal Core 8.9.x Security Bypass (8.9.0 - 8.9.5) | CVE-2020-13667 | CWE-264 | High |
| Drupal Core 8.x Security Bypass (8.0.0 - 8.2.7) | CVE-2017-6919 | CWE-264 | High |
| Drupal Core 8.x Security Bypass (8.0.0 - 8.5.5) | CVE-2018-14773 | CWE-749 | High |
| Drupal Core 8.7.4 Security Bypass (8.7.4) | CVE-2019-6342 | CWE-264 | High |
| Drupal Core 7.x Security Bypass (7.0 - 7.68) | - | CWE-264 | High |
| Drupal Core 8.7.x Security Bypass (8.7.0 - 8.7.10) | - | CWE-264 | High |
| Drupal Core 8.8.0 Security Bypass (8.8.0) | - | CWE-264 | High |
| Drupal Core 8.8.x Security Bypass (8.8.0 - 8.8.9) | CVE-2020-13667 | CWE-264 | High |
| Drupal Core 8.8.x Security Bypass (8.8.0 - 8.8.7) | CVE-2020-13665 | CWE-264 | High |
| Drupal Core 8.9.0 Security Bypass (8.9.0) | CVE-2020-13665 | CWE-264 | High |
| Drupal Core 8.x.x Security Bypass (8.0.0 - 8.7.14) | CVE-2020-13665 | CWE-264 | High |
| Drupal Core 8.3.0 Security Bypass (8.3.0) | CVE-2017-6919 | CWE-264 | High |
| Drupal Core 8.x.x Security Bypass (8.0.0 - 8.6.18) | - | CWE-264 | High |
| Drupal Core 9.0.0 Security Bypass (9.0.0) | CVE-2020-13665 | CWE-264 | High |
| Drupal Core 9.0.x Security Bypass (9.0.0 - 9.0.5) | CVE-2020-13667 | CWE-264 | High |
| Drupal Core 7.x Security Bypass (7.0 - 7.90) | CVE-2022-25275 | CWE-264 | High |