CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked; 53,223 with exploits; 4,686 exploited in the wild; 1,539 in CISA KEV; 3,912 Nuclei templates; 37,757 vendors; 42,429 researchers
493 results
CVE-2026-28480 6.5 MEDIUM 1 Writeup EPSS 0.00
OpenClaw <2026.2.14 - Auth Bypass
OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with bots as unauthorized senders.
CWE-290 Mar 05, 2026
CVE-2026-28465 5.9 MEDIUM 1 Writeup EPSS 0.00
OpenClaw voice-call <2026.2.3 - Auth Bypass
OpenClaw's voice-call plugin versions before 2026.2.3 contain an improper authentication vulnerability in webhook verification that allows remote attackers to bypass verification by supplying untrusted forwarded headers. Attackers can spoof webhook events by manipulating Forwarded or X-Forwarded-* headers in reverse-proxy configurations that implicitly trust these headers.
CWE-345 Mar 05, 2026
CVE-2026-27700 8.2 HIGH 1 Writeup EPSS 0.00
Hono 4.12.0-4.12.1 - Auth Bypass
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/aws-lambda`) behind an Application Load Balancer (ALB), the `getConnInfo()` function incorrectly selected the first value from the `X-Forwarded-For` header. Because AWS ALB appends the real client IP address to the end of the `X-Forwarded-For` header, the first value can be attacker-controlled. This could allow IP-based access control mechanisms (such as the `ipRestriction` middleware) to be bypassed. Version 4.12.2 patches the issue.
CWE-290 Feb 25, 2026
CVE-2026-2800 9.8 CRITICAL EPSS 0.00
Firefox for Android <148 - Spoofing
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CWE-290 Feb 24, 2026
CVE-2024-1524 7.7 HIGH EPSS 0.00
WSO2 IS - Privilege Escalation
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control.
The deployment should have:
- An IDP configured for federated authentication with Silent JIT provisioning enabled.
The malicious actor should have:
- A fresh valid user account in the federated IDP that has not been used earlier.
- Knowledge of the username of a valid user in the local IDP.
- An account at the federated IDP matching the targeted local username.
CWE-290 Feb 24, 2026
CVE-2025-71056 8.1 HIGH 1 Writeup EPSS 0.00
GCOM EPON 1GE ONU C00R371V00B01 - Auth Bypass
Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.
CWE-290 Feb 23, 2026
CVE-2025-69401 7.5 HIGH EPSS 0.00
WooODT Lite <=2.5.2 - Auth Bypass
Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite (byconsole-woo-order-delivery-time) allows Identity Spoofing. This issue affects WooODT Lite: from n/a through <= 2.5.2.
CWE-290 Feb 20, 2026
CVE-2026-24853 8.1 HIGH EPSS 0.00
Caido <0.55.0 - SSRF
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non-whitelisted domains from reaching it through port 8080 and responds "Host/IP is not allowed to connect to Caido" on all endpoints. This check can be bypassed by injecting an X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0.
CWE-290 Feb 13, 2026
CVE-2026-25938 9.8 CRITICAL 1 Writeup EPSS 0.00
Frangoteam Fuxa < 1.2.11 - Missing Authentication
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin is enabled. This has been patched in FUXA version 1.2.11.
CWE-290 Feb 09, 2026
CVE-2026-21862 7.5 HIGH EPSS 0.00
Crates.io Rustfs < 1.0.0-alpha.78 - Authentication Bypass by Spoofing
RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-allowlist policies. This issue has been patched in version alpha.78.
CWE-290 Feb 03, 2026
CVE-2020-37056 9.8 CRITICAL 1 PoC Analysis EPSS 0.00
Crystal Shard http-protection 0.2.0 - SSRF
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.
CWE-290 Jan 30, 2026
CVE-2026-0834 8.8 HIGH 1 PoC Analysis EPSS 0.00
Tp-link Archer Ax53 Firmware - Authentication Bypass by Spoofing
Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands, including factory reset and device reboot, without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability. This issue affects Archer C20 v6.0 < V6_251031 and Archer AX53 v1.0 < V1_251215.
CWE-290 Jan 21, 2026
CVE-2026-22797 9.9 CRITICAL EPSS 0.00
OpenStack keystonemiddleware <10.7.2, 10.8, 10.9 before 10.9.1, 10....
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.
CWE-290 Jan 19, 2026
CVE-2025-13455 7.8 HIGH EPSS 0.00
ThinkPlus configuration software - Auth Bypass
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.
CWE-290 Jan 14, 2026
CVE-2026-0890 5.4 MEDIUM EPSS 0.00
Mozilla Firefox < 140.7.0 - Authentication Bypass by Spoofing
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CWE-290 Jan 13, 2026
CVE-2025-11250 9.1 CRITICAL EPSS 0.00
Zohocorp ManageEngine ADSelfService Plus <6519 - Auth Bypass
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.
CWE-290 Jan 13, 2026
CVE-2025-62235 8.1 HIGH 1 Writeup EPSS 0.00
Apache Nimble < 1.9.0 - Authentication Bypass by Spoofing
Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving a specially crafted Security Request could lead to removal of the original bond and re-bonding with an impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue.
CWE-290 Jan 10, 2026
CVE-2025-60538 6.5 MEDIUM EPSS 0.00
shiori <1.7.4 - Auth Bypass
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.
CWE-290 Jan 09, 2026
CVE-2025-69258 9.8 CRITICAL EPSS 0.01
Trendmicro Apex Central - Origin Validation Error
A LoadLibraryEx vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code in the context of SYSTEM on affected installations.
CWE-290 Jan 08, 2026
CVE-2026-21894 6.5 MEDIUM 1 Writeup EPSS 0.00
N8n < 2.2.2 - Authentication Bypass by Spoofing
n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were not verified against this secret. As a result, any HTTP client that knows the webhook URL could send a POST request containing a matching event type, causing the workflow to execute as if a legitimate Stripe event had been received. This issue affects n8n users who have active workflows using the Stripe Trigger node. An attacker could potentially fake payment or subscription events and influence downstream workflow behavior. The practical risk is reduced by the fact that the webhook URL contains a high-entropy UUID; however, authenticated n8n users with access to the workflow can view this webhook ID. This issue has been patched in version 2.2.2. A temporary workaround for this issue involves users deactivating affected workflows or restricting access to workflows containing Stripe Trigger nodes to trusted users only.
CWE-290 Jan 08, 2026