426 matches found
CVE-2026-42654
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
CVE-2026-40780 WordPress BookIt plugin < 2.5.4.1 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
CVE-2026-40780
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
CVE-2026-42654
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
CVE-2026-42654
CVE-2026-42654 affects the WordPress Wallet System for WooCommerce plugin (versions up to 2.7.5). The vulnerability is an authentication bypass via an alternate path or channel that enables password recovery exploitation. This is described as a broken authentication vulnerability and specifically...
EUVD-2026-33947
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
PT-2026-45780
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
PT-2026-45779
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the route middleware. An attacker can gain unauthorized access to server-rendered page content by directly requesting the /nuxtisland/page endpoint, bypassing authentication or...
Authentication Bypass Using an Alternate Path or Channel
Overview @nuxt/nitro-server is a Nitro server integration for Nuxt Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the route middleware. An attacker can gain unauthorized access to server-rendered page content by directly requesting...
CVE-2025-41273
CVE-2025-41273 affects Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040). Nozomi Networks Labs describe CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI, enabling remote unauthenticated attackers to bypass authentication and perform actions as an...
PT-2026-44811
Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and...
CVE-2026-42735
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through = 4.3.0...
CVE-2026-42745
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-42749
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...
CVE-2026-42745 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
EUVD-2026-32198
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...
CVE-2026-42745
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
EUVD-2026-32194
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...