Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

535 vulnerabilities with CWE-290

CVE-2026-39858 HIGH

Traefik: Forwarded alias spoofing top pre-auth decision bypass

CVE-2026-7422 MEDIUM

MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing

CVE-2026-25660 CRITICAL

Authentication bypass for certain API calls

CVE-2026-40575 CRITICAL

OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

CVE-2026-6762 MEDIUM

Spoofing issue in the DOM: Core & HTML component

CVE-2026-22734 HIGH

Cloud Foundry UAA SAML 2.0 Signature Bypass

CVE-2026-34457 CRITICAL

OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

CVE-2026-39419 LOW

MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

CVE-2026-35656 MEDIUM

OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limiter

CVE-2026-35622 MEDIUM

OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook

CVE-2026-39959 HIGH

Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

CVE-2026-39411 MEDIUM

LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

CVE-2026-3902 HIGH

ASGI header spoofing via underscore/hyphen conflation

CVE-2026-34778 MEDIUM

Electron: Service worker can spoof executeJavaScript IPC replies

CVE-2026-33175 HIGH

OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims

CVE-2026-33654 CRITICAL

Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling

CVE-2026-33433 HIGH

Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField

CVE-2026-33661 HIGH

WeChat Pay callback signature verification bypassed when Host header is localhost

CVE-2026-33621 MEDIUM

PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

CVE-2026-33223 MEDIUM

NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing

CVE-2026-30975 HIGH

Sonarr Authentication Bypass vulnerability

CVE-2026-33246 MEDIUM

NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

CVE-2026-32492 MEDIUM

WordPress My Tickets plugin <= 2.1.1 - Bypass Vulnerability vulnerability

CVE-2026-24372 HIGH

WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability

CVE-2026-4728 MEDIUM

Spoofing issue in the Privacy: Anti-Tracking component

Page 1 of 22 Next

Details

Vulnerabilities 535

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy