Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290

CVE-2025-59802 HIGH

Foxit PDF Editor and Reader < 2025.2.1 - Signature Spoofing via Optional Content Groups

CVE-2025-13953 CRITICAL

GTT Tax Information System - Auth Bypass

CVE-2025-66508 MEDIUM

1Panel < 2.0.14 - Authentication Bypass via X-Forwarded-For Header Spoofing

CVE-2025-66507 HIGH

1Panel < 2.0.14 - Unauthenticated CAPTCHA Bypass via Client-Controlled Parameter

CVE-2025-14327 HIGH

Firefox < 146.0 and ESR 140.7 - Spoofing in Downloads Panel

CVE-2025-66570 CRITICAL

cpp-httplib <0.27.0 - Info Disclosure

CVE-2025-66270 MEDIUM

KDE Connect <2025-11-28 - Info Disclosure

CVE-2025-27389 MEDIUM

ColorOS 11-15 - Authentication Bypass via Application Installation Source Verification

CVE-2025-54305 HIGH

Thermo Fisher Torrent Suite 5.18.1 - Authentication Bypass via LocalhostAuthMiddleware Spoofing

CVE-2025-13636 MEDIUM

Google Chrome < 143.0.7499.40 - UI Spoofing via Split View Domain Name

CVE-2025-13635 MEDIUM

Google Chrome < 143.0.7499.40 - UI Spoofing via Crafted HTML Page

CVE-2025-13634 MEDIUM

Google Chrome < 143.0.7499.40 - Authentication Bypass via Mark of the Web Spoofing

CVE-2025-59699 MEDIUM

Entrust nShield Connect XC, nShield 5c, and nShield HSMi < 13.6.12 - Privilege Escalation via Legacy GRUB Bootloader

CVE-2025-12653 MEDIUM

GitLab CE/EE <18.4.5-18.6.1 - Info Disclosure

CVE-2025-12414 CRITICAL

Google Cloud Looker Authentication Bypass via Email Address String Normalization

CVE-2025-13015 LOW

Firefox < 115.30.0, 115.30-115.*, <140.5, 140.5-140.*, >=145 - Authentication Bypass by Spoofing

CVE-2025-12430 HIGH

Google Chrome < 142.0.7444.59 - UI Spoofing via Media Object Lifecycle Issue

CVE-2025-11209 HIGH

Google Chrome < 141.0.7390.54 - Omnibox Spoofing via Crafted HTML Page

CVE-2025-27916 HIGH

AnyDesk < 9.0.4 - Authentication Bypass by Spoofing via IP Address Manipulation

CVE-2025-58595 MEDIUM

All In One Login <2.0.9 - Auth Bypass

CVE-2025-43503 MEDIUM

Safari < 26.1 - User Interface Spoofing via Inconsistent State Management

CVE-2025-43493 MEDIUM

macOS Tahoe <26.1 - Info Disclosure

CVE-2025-59501 MEDIUM

Microsoft Configuration Manager 2403 < 5.00.9128.1037 - Authentication Bypass by Spoofing

CVE-2025-11843 HIGH

Therefore Corporation GmbH - Privilege Escalation

CVE-2025-5605 MEDIUM

WSO2 API Control Plane - Authentication Bypass via Request URI Manipulation

Previous Page 5 of 23 Next

Details

Vulnerabilities 575

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy