Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290

CVE-2026-42662 MEDIUM

WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability

CVE-2026-27089 HIGH

WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

CVE-2026-49757 CRITICAL

OAuth2/OIDC account takeover in AshAuthentication via email-based user matching

CVE-2026-34025 MEDIUM

IP restriction bypass in Wertheim SafeController Software allows logins from unauthorized network locations

CVE-2026-53833 HIGH

OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command

CVE-2026-53832 HIGH

OpenClaw < 2026.5.18 - Identity Header Forgery via Trusted-Proxy Configuration

CVE-2026-53823 HIGH

OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom

CVE-2026-5792 MEDIUM

Authentication Bypass in Related Digital's Related Marketing Cloud (RMC)

CVE-2026-53817 HIGH

OpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing

CVE-2026-53811 HIGH

OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom

CVE-2026-6090 HIGH

Lenovo Smart Connect < 09.0.2.003.000 - Authentication Bypass by Spoofing

CVE-2026-48567 CRITICAL

Azure HorizonDB Elevation of Privilege Vulnerability

CVE-2026-11019 MEDIUM

Google Chrome < 149.0.7827.53 - Domain Spoofing via Payments Implementation

CVE-2026-11001 MEDIUM

Google Chrome < 149.0.7827.53 - UI Spoofing via Payments Implementation

CVE-2026-8644 CRITICAL

IBM WebSphere Application Server 8.5 and 9.0 - Authentication Bypass by Spoofing

CVE-2026-42674 HIGH

WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability

CVE-2026-47123 HIGH

FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path

CVE-2026-44649 CRITICAL

SillyTavern: Authentication Bypass via SSO Header Injection

CVE-2026-46414 HIGH

Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking

CVE-2026-8676 HIGH

Silabs.com Simplicity SDK < 2024.12.0 - Authentication Bypass by Spoofing

CVE-2026-39309 MEDIUM

Trilium Notes: macOS TCC Bypass via Prompt Spoofing

CVE-2026-8963 HIGH

Firefox < 151.0.0 and Thunderbird < 151.0.0 - Authentication Bypass by Spoofing in Web Speech Component

CVE-2026-8961 MEDIUM

Firefox and Thunderbird < 140.11 and >=151 - Authentication Bypass by Spoofing in Form Autofill

CVE-2026-8960 HIGH

Firefox < 151.0.0 and Thunderbird < 151.0.0 - Authentication Bypass by Spoofing via WebExtensions

CVE-2026-8951 MEDIUM

Spoofing issue in the Toolbar component in Firefox for Android

Page 1 of 23 Next

Details

Vulnerabilities 575

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy