Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290

CVE-2024-1347 MEDIUM

GitLab < 16.9.6, 16.10 < 16.10.4, 16.11 < 16.11.1 - Authentication Bypass via Crafted Email Address

CVE-2024-33531 HIGH

cdbattags lua-resty-jwt 0.2.3 - Authentication Bypass via JWT enc Header Spoofing

CVE-2024-27349 CRITICAL

Apache HugeGraph-Server <1.3.0 - Auth Bypass

CVE-2024-3843 MEDIUM

Google Chrome < 124.0.6367.60 - UI Spoofing via Crafted HTML Page

CVE-2024-31784 MEDIUM

Typora < 1.8.10 - Authentication Bypass and Arbitrary Code Execution via src Component

CVE-2024-23558 MEDIUM

HCL DevOps Deploy 8.0.0.0-8.0.0.9 and HCL Launch 7.0.0.0-7.0.5.1 - Authenticated Session Fixation via Incomplete Logout

CVE-2024-31863 MEDIUM

Apache Zeppelin <0.11.0 - Auth Bypass

CVE-2024-30191 HIGH

Siemens SCALANCE W Series - Authentication Bypass by Spoofing via Security Context Override

CVE-2024-30190 MEDIUM

Siemens SCALANCE W Series - Denial of Service via Power-Saving Mechanism Abuse

CVE-2024-30189 MEDIUM

Siemens SCALANCE W Series - Authentication Bypass by Spoofing via Wi-Fi Frame Queue Leak

CVE-2024-29006 CRITICAL

Apache CloudStack 4.11.0.0-4.18.1.0 - Authentication Bypass via X-Forwarded-For Header Spoofing

CVE-2024-31008 MEDIUM

WUZHICMS 4.1.0 - Authentication Bypass via Captcha Logic Flaw

CVE-2024-22092 HIGH

OpenHarmony 3.2-3.2.4 - Authentication Bypass via App Installation Permission Spoofing

CVE-2024-28228 MEDIUM

JetBrains YouTrack < 2024.1.25893 - Authentication Bypass via HelpDesk Comment Spoofing

CVE-2024-22457 HIGH

Dell Secure Connect Gateway 5.20 - Auth Bypass

CVE-2024-1555 HIGH

Firefox < 123.0 - SameSite Cookie Bypass via firefox:// Protocol Handler

CVE-2024-1547 MEDIUM

Firefox < 123 and ESR < 115.8 - Authentication Bypass by Spoofing via Alert Dialog

CVE-2024-21494 MEDIUM

greenpau/caddy-security - Authentication Bypass via X-Forwarded-For Header Spoofing

CVE-2024-23674 CRITICAL

German National Identity Card <2024-02-15 - Auth Bypass

CVE-2024-22520 HIGH

Dronetag Drone Scanner <1.5.2 - Privilege Escalation

CVE-2024-22519 HIGH

OpenDroneID OSM 3.5.1 - Authentication Bypass by Spoofing via Crafted Data Packets

CVE-2024-23832 CRITICAL

Mastodon < 3.5.17, 4.0.x < 4.0.13, 4.1.x < 4.1.13, 4.2.x < 4.2.5 - Authentication Bypass via LDAP Origin Validation

CVE-2024-0454 MEDIUM

ELAN Match-on-Chip FPR - Info Disclosure

CVE-2024-20674 HIGH

Windows Kerberos - Privilege Escalation

CVE-2023-41591 CRITICAL

Open Network Foundation ONOS <2.7.0 - Privilege Escalation

Previous Page 12 of 23 Next

Details

Vulnerabilities 575

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy