Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290

CVE-2026-24853 HIGH

caido < 0.55.0 - Authentication Bypass via X-Forwarded-Host Header Spoofing

CVE-2026-25938 CRITICAL

FUXA 1.2.8-1.2.10 - Unauthenticated Remote Code Execution via Node-RED Plugin

CVE-2026-21862 HIGH

rustfs < 1.0.0-alpha.78 - Authentication Bypass via Spoofed X-Forwarded-For Header

CVE-2026-0834 HIGH

TP-Link Archer C20 v5/v6, AX53 v1, TL-WR841N v13 - Unauthenticated RCE via TDDP

CVE-2026-22797 CRITICAL

OpenStack keystonemiddleware <10.7.2, 10.8, 10.9 before 10.9.1, 10....

CVE-2026-0890 MEDIUM

Firefox < 147.0 and Thunderbird < 147.0 - Authentication Bypass by Spoofing via DOM Copy & Paste and Drag & Drop

CVE-2026-21894 MEDIUM

n8n 0.150.0-2.2.1 - Unauthenticated Workflow Trigger via Stripe Webhook Spoofing

CVE-2025-50328 HIGH

B1 Free Archiver 1.5.86 - Auth Bypass

CVE-2025-59707 CRITICAL

N2W <4.3.2 - Spoofing-Based Code Execution and Credential Theft

CVE-2025-59706 CRITICAL

N2W <4.3.2 and 4.4.0 - API Parameter Remote Code Execution

CVE-2025-67298 HIGH

ClasroomIO <0.2.6 - Privilege Escalation

CVE-2025-48840 MEDIUM

Fortinet FortiWeb 7.0-7.6.3 - Auth Bypass

CVE-2025-71056 HIGH

GCOM EPON 1GE ONU C00R371V00B01 - Auth Bypass

CVE-2025-69401 HIGH

WooODT Lite <= 2.5.2 - Authentication Bypass by Spoofing

CVE-2025-13455 HIGH

ThinkPlus configuration software - Auth Bypass

CVE-2025-11250 CRITICAL

Zohocorp ManageEngine ADSelfService Plus <6519 - Auth Bypass

CVE-2025-62235 HIGH

Apache NimBLE <= 1.8.0 - Authentication Bypass by Spoofing via Security Request

CVE-2025-60538 MEDIUM

shiori < 1.7.4 - Authentication Bypass via Login Page Brute Force

CVE-2025-69258 CRITICAL

Trend Micro Apex Central - Unauthenticated Remote Code Execution via LoadLibraryEX DLL Hijacking

CVE-2025-69203 MEDIUM

Signal K Server < 2.19.0 - Authentication Bypass via X-Forwarded-For Spoofing

CVE-2025-68644 HIGH

Yealink RPS <2025-06-27 - Info Disclosure

CVE-2025-65046 LOW

Microsoft Edge Chromium < 143.0.3650.88 - Spoofing

CVE-2025-59385 CRITICAL

QNAP QTS and QuTS hero - Authentication Bypass by Spoofing

CVE-2025-36754 CRITICAL

Growatt ShineLan-X 3.6.0.0-3.6.0.1 - Unauthenticated Authentication Bypass via Crafted POST Request

CVE-2025-36753 CRITICAL

Growatt ShineLan-X Firmware 3.6.0.0-3.6.0.1 - Unauthenticated Debug Interface Access via SWD

Previous Page 4 of 23 Next

Details

Vulnerabilities 575

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy