By weakness (CWE)

CWE-288: related vulnerabilities

CVEs classified under CWE-288. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

3 published vulnerabilities

  • CVE-2026-40780HIGH 7.5

    Liquid Web's BookIt plugin contains a flaw in its password recovery mechanism that allows attackers to bypass authentication. Rather than attacking the login process directly, an attacker can exploit an alternate recovery path to gain unauthorized access without needing valid credentials. This affects BookIt versions before 2.5.4.1.

  • CVE-2026-42654HIGH 7.1

    WP Swings Wallet System for WooCommerce contains a flaw that allows attackers with an existing user account to bypass normal authentication safeguards and exploit the password recovery mechanism. An authenticated attacker could use this vulnerability to take over other user accounts, including administrative ones, without knowing their passwords. The vulnerability affects all versions up to and including 2.7.5.

  • CVE-2026-36175MEDIUM 6.8

    CVE-2026-36175 is a physical authentication bypass vulnerability affecting GNCC GP5 v7.1.76. An attacker with direct physical access to a device can interrupt the boot process and inject malicious kernel boot arguments, circumventing security controls to obtain root-level access. The vulnerability requires the attacker to be present at the device during startup, making it a targeted risk rather than a remote threat.