Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

576 vulnerabilities with CWE-290

CVE-2022-1745 MEDIUM

Dominion Voting Systems ImageCast X - Authentication Bypass via Physical Access

CVE-2022-32983 MEDIUM

Knot Resolver <5.5.1 - Info Disclosure

CVE-2022-29165 CRITICAL

Argo CD <2.1.15-2.3.4 - Auth Bypass

CVE-2022-29218 HIGH

RubyGems.org - Authentication Bypass by Spoofing via Gem Upload Platform Handling

CVE-2022-25989 HIGH

Anker Eufy Homebase 2 <2.1.8.5h - Auth Bypass

CVE-2022-24858 MEDIUM

next-auth < 3.29.2 and 4.0.0-4.3.1 - Authentication Bypass via Redirect Callback

CVE-2022-26910 MEDIUM

Skype for Business Server - Authentication Bypass by Spoofing

CVE-2022-26505 HIGH

ReadyMedia <1.3.1 - Info Disclosure

CVE-2022-21142 CRITICAL

a-blog cms 2.8.0-2.8.73, 2.9.0-2.9.38, 2.10.0-2.10.42, 2.11.0-2.11.40 - Unauthenticated Authentication Bypass

CVE-2022-24112 CRITICAL KEV

APISIX Admin API default access token RCE

CVE-2022-23131 CRITICAL KEV

Zabbix 5.4.0-5.4.7 - Unauthenticated Authentication Bypass via SAML Session Spoofing

CVE-2021-47923 CRITICAL

OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie

CVE-2021-25827 CRITICAL

Emby < 4.7.12.0 - Authentication Bypass via X-Forwarded-For Header Spoofing

CVE-2021-45036 HIGH

Velneo vClient 28.1.3 - Authentication Bypass by Spoofing via Hashed Password

CVE-2021-27862 MEDIUM

IEEE 802.2 < 802.2h-1997 - Authentication Bypass via LLC/SNAP Header Spoofing

CVE-2021-27861 MEDIUM

IEEE 802.2 < 802.2h-1997 - Authentication Bypass via LLC/SNAP Header Spoofing

CVE-2021-27854 MEDIUM

IEEE 802.2 < 802.2h-1997 - Authentication Bypass via VLAN 0 and LLC/SNAP Header Spoofing

CVE-2021-27853 MEDIUM

IEEE 802.2 < 802.2h-1997 - Authentication Bypass via VLAN 0 and LLC/SNAP Header Spoofing

CVE-2021-43310 CRITICAL

Keylime < 6.3.0 - Authentication Bypass and Remote Code Execution via Key Reset Request

CVE-2021-42320 HIGH

Microsoft SharePoint Server - Authentication Bypass by Spoofing

CVE-2021-43807 HIGH

Opencast < 9.10 - HTTP Method Spoofing via URL Parameter

CVE-2021-40288 HIGH

TP-Link Archer AX10 < V1_211014 DoS via Spoofed WPA2/WPA3-SAE Frames

CVE-2021-43220 LOW

Microsoft Edge for iOS < 96.0.1054.29 - Spoofing

CVE-2021-42308 LOW

Microsoft Edge Chromium < 96.0.1054.29 - Authentication Bypass by Spoofing

CVE-2021-41130 MEDIUM

Google Extensible Service Proxy ESPv1 - JWT Claim Header Authorization Bypass

Previous Page 18 of 24 Next

Details

Vulnerabilities 576

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy