Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290

CVE-2026-34778 MEDIUM

Electron: Service worker can spoof executeJavaScript IPC replies

CVE-2026-33175 HIGH

OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims

CVE-2026-33654 CRITICAL

Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling

CVE-2026-33433 HIGH

Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField

CVE-2026-33661 HIGH

WeChat Pay callback signature verification bypassed when Host header is localhost

CVE-2026-33621 MEDIUM

PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

CVE-2026-33223 MEDIUM

NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing

CVE-2026-30975 HIGH

Sonarr Authentication Bypass vulnerability

CVE-2026-33246 MEDIUM

NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

CVE-2026-32492 MEDIUM

WordPress My Tickets plugin <= 2.1.1 - Bypass Vulnerability vulnerability

CVE-2026-24372 HIGH

WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability

CVE-2026-4728 MEDIUM

Spoofing issue in the Privacy: Anti-Tracking component

CVE-2026-32045 MEDIUM

OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth

CVE-2026-32666 HIGH

Automated Logic WebCTRL Premium Server Authentication Bypass by Spoofing

CVE-2026-33131 HIGH

h3 NodeRequestUrl Host Header - Middleware Bypass

CVE-2026-32014 HIGH

OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields

CVE-2026-0385 MEDIUM

Microsoft Edge (Chromium-based) for Android - Spoofing

CVE-2026-31889 HIGH

Shopware <6.6.10.15/6.7.8.1 - Auth Bypass

CVE-2026-27478 CRITICAL

Unity Catalog <=0.4.0 - Auth Bypass

CVE-2026-31813 MEDIUM

Supabase Auth <2.185.0 - Auth Bypass

CVE-2026-32229 MEDIUM

JetBrains Hub <2026.1 - Auth Bypass

CVE-2026-28480 MEDIUM

OpenClaw < 2026.2.14 - Authentication Bypass via Telegram Username Spoofing

CVE-2026-28465 MEDIUM

OpenClaw voice-call <2026.2.3 - Auth Bypass

CVE-2026-27700 HIGH

Hono 4.12.0-4.12.1 - IP Spoofing via X-Forwarded-For Header Mishandling

CVE-2026-2800 CRITICAL

Firefox for Android <148 - Spoofing

Previous Page 3 of 23 Next

Details

Vulnerabilities 575

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy