Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290

CVE-2024-49193 HIGH

Zendesk <2024-07-02 - Info Disclosure

CVE-2024-45397 MEDIUM

h2o HTTP Server - Spoofed Source Access Control Bypass

CVE-2024-9391 MEDIUM

Firefox Focus for Android < 131.0 - Authentication Bypass by Spoofing via Full-Screen Mode

CVE-2024-46957 CRITICAL

mellium.im/xmpp 0.0.1-0.21.4 - Authentication Bypass via Predictable ID Spoofing

CVE-2024-39341 MEDIUM

Entrust Instant Financial Issuance (On Premise) Software - Info Dis...

CVE-2024-45453 LOW

Peter Hardy-vanDoorn Maintenance Redirect <2.0.1 - Auth Bypass

CVE-2024-8908 MEDIUM

Google Chrome < 129.0.6668.58 - UI Spoofing via Autofill

CVE-2024-6678 CRITICAL

GitLab CE/EE <17.1.7-17.3.2 - Privilege Escalation

CVE-2024-44104 HIGH

Ivanti Workspace Control < 10.18.99.0 - Authenticated Privilege Escalation via Authentication Spoofing

CVE-2024-8399 MEDIUM

Firefox Focus < 130.0 - URL Spoofing via JavaScript Links

CVE-2024-8386 MEDIUM

Firefox < 130- Thunderbird < 128.2 - XSS

CVE-2024-43944 LOW

Yassine Idrissi Maintenance & Coming Soon Redirect Animation <2.1.3...

CVE-2024-7745 MEDIUM

WS_FTP Server <8.8.8 - Privilege Escalation

CVE-2024-42364 MEDIUM

Homepage 0.9.1 - Unauthenticated Information Disclosure via DNS Rebinding

CVE-2024-38807 MEDIUM

Spring Boot Loader 2.7.0-2.7.21, 3.0.0-3.0.16, 3.1.0-3.1.12, 3.2.0-3.2.8, 3.3.0-3.3.2 - Signature Forgery

CVE-2024-7981 MEDIUM

Google Chrome < 128.0.6613.84 - UI Spoofing via Crafted HTML Page

CVE-2024-35539 MEDIUM

Typecho 1.3.0 - Race Condition in Post Commenting Function

CVE-2024-35538 MEDIUM

Typecho 1.3.0 - Client IP Spoofing via X-Forwarded-For or Client-Ip Headers

CVE-2024-41432 MEDIUM

Likeshop < 2.5.7.20210811 - IP Spoofing via X-Forwarded or Client-IP Header

CVE-2024-27853 MEDIUM

macOS Sonoma <14.4 - Info Disclosure

CVE-2024-41107 HIGH

Apache CloudStack 4.5.0-4.18.2.1 - Authentication Bypass via SAML Response Spoofing

CVE-2024-37430 MEDIUM

Patreon WordPress <1.9.0 - Auth Bypass

CVE-2024-6163 MEDIUM

Checkmk <2.3.0p10-2.0.0p39 - Auth Bypass

CVE-2024-37082 CRITICAL

haproxy-boshrelease < 0.299.0 - mTLS Authentication Bypass via Crafted HTTP Requests

CVE-2024-39350 HIGH

Synology BC500 and TC500 Firmware < 1.0.7-0298 - Authentication Bypass via RTSP Spoofing

Previous Page 10 of 23 Next

Details

Vulnerabilities 575

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy