Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290

CVE-2026-7507 HIGH

Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover

CVE-2026-46356 HIGH

Fleet: IP spoofing allows bypassing API rate limiting

CVE-2026-24899 HIGH

Fleet Windows MDM Azure AD JWT Authentication Bypass

CVE-2026-24000 MEDIUM

Fleet <4.80.1 Client IP Headers - Rate Limit Bypass

CVE-2026-42602 HIGH

azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

CVE-2026-40460 MEDIUM

NGINX Plus and Open Source - Authentication Bypass via HTTP/3 QUIC Module

CVE-2026-44183 CRITICAL

Cleanuparr: X-Forwarded-For leftmost parsing allows remote unauthenticated admin takeover when reverse-proxy mode is enabled

CVE-2026-28954 HIGH

iOS and iPadOS < 18.7.9 and macOS < 14.8.7, < 15.7.7, < 26.5 - File Quarantine Bypass via Malicious Disk Image

CVE-2026-45223 HIGH

Crabbox < 0.9.0 Authentication Bypass via Admin Claim Injection

CVE-2026-42354 CRITICAL

Sentry: Improper authentication on SAML SSO process allows user identity linking

CVE-2026-6213 CRITICAL

Remote Spark SparkView RCE

CVE-2026-44118 HIGH

OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header

CVE-2026-39858 CRITICAL

Traefik: Forwarded alias spoofing top pre-auth decision bypass

CVE-2026-7422 MEDIUM

MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing

CVE-2026-25660 CRITICAL

Authentication bypass for certain API calls

CVE-2026-40575 CRITICAL

OAuth2 Proxy 7.5.0-7.15.1 X-Forwarded-Uri - Authentication Bypass

CVE-2026-6762 MEDIUM

Mozilla Firefox and Thunderbird 115.35, 140.10, and 150 - DOM Spoofing

CVE-2026-22734 HIGH

Cloud Foundry UAA SAML 2.0 Signature Bypass

CVE-2026-34457 CRITICAL

OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

CVE-2026-39419 LOW

MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

CVE-2026-35656 MEDIUM

OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limiter

CVE-2026-35622 MEDIUM

OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook

CVE-2026-39959 HIGH

Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

CVE-2026-39411 MEDIUM

LobeHub <2.1.48 webapi Routes - Authentication Bypass

CVE-2026-3902 HIGH

ASGI header spoofing via underscore/hyphen conflation

Previous Page 2 of 23 Next

Details

Vulnerabilities 575

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy