Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290

CVE-2025-56800 MEDIUM

Reolink 8.18.12 - Authentication Bypass via Client-Side Lock Screen Password Property

CVE-2025-37147 HIGH

Access Point - Privilege Escalation

CVE-2025-9265 CRITICAL

Kiloview NDI N30 < 2.02.246 - Unauthenticated Broken Authorization

CVE-2025-60868 MEDIUM

Alt Redirect < 1.6.4 - Authentication Bypass via Query String Parameter Spoofing

CVE-2025-61778 CRITICAL

Akka.Remote 1.2.0-1.5.51 - Authentication Bypass via Missing Mutual TLS Enforcement

CVE-2025-54288 MEDIUM

Canonical LXD 4.0-5.21.4 - Authenticated Information Spoofing via Process Name

CVE-2025-59956 MEDIUM

coder/agentapi < 0.4.0 - Unauthorized Data Exfiltration via DNS Rebinding Attack

CVE-2025-56449 HIGH

Obsidian Scheduler <6.3.0 - Auth Bypass

CVE-2025-10530 MEDIUM

Firefox for Android < 143.0 - Authentication Bypass by Spoofing in WebAuthn Component

CVE-2025-59154 MEDIUM

Org.igniterealtime.openfire Xmppserver < 5.0.2 - Authentication Bypass by Spoofing

CVE-2025-7448 HIGH

Wi-SUN Stack >=2.6.0 <2.6.0 - Authentication Bypass by Spoofing via 4-Way Handshake

CVE-2025-26419 LOW

Android - Authentication Bypass via SystemSettingsFragment Logic Error

CVE-2025-26428 LOW

Android - Lock Screen Bypass via LockTaskController Logic Error

CVE-2025-26421 MEDIUM

Android - Authentication Bypass via Lock Screen Logic Error

CVE-2025-56689 MEDIUM

One Identity Safeguard for Privileged Passwords 7.5.1.20903 - Authentication Bypass via OTP Response Replay

CVE-2025-56608 MEDIUM

Android Corona Virus Tracker App India 1.0 - Authentication Bypass via MD5 Digest Spoofing

CVE-2025-6188 HIGH

Arista EOS 4.30.0-4.33.1.2F - Authentication Bypass via Spoofed UDP Port 3503 Packets

CVE-2025-8853 CRITICAL

Official Document Management System - Auth Bypass

CVE-2025-36119 HIGH

IBM i 7.3-7.6 - Authenticated Privilege Escalation via Web Session Hijacking in Digital Certificate Manager

CVE-2025-50454 MEDIUM

Blue Access Cobalt X1 <02.000.187 - Auth Bypass

CVE-2025-36594 CRITICAL

Dell Data Domain Operating System - Authentication Bypass by Spoofing

CVE-2025-46018 MEDIUM

CSC Pay Mobile App 2.19.4 - Authentication Bypass via Bluetooth Disabling

CVE-2025-54576 CRITICAL

oauth2-proxy < 7.11.0 - Authentication Bypass via Skip Auth Routes Regex Matching

CVE-2025-43245 CRITICAL

macOS <15.6-13.7.7 - Info Disclosure

CVE-2025-31511 HIGH

AlertEnterprise Guardian <4.1.14.2.2.1 - Auth Bypass

Previous Page 6 of 23 Next

Details

Vulnerabilities 575

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy