CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290
CVE-2025-34065 MEDIUM
AVTECH IP camera, DVR, and NVR Devices - Unauthenticated Authentication Bypass via /nobody URL Path
CVE-2025-34063 CRITICAL
OneLogin AD Connector <6.1.5 - Auth Bypass
CVE-2025-34053 MEDIUM
AVTECH IP camera, DVR, and NVR devices - Authentication Bypass via .cab URL Spoofing
CVE-2025-23168 MEDIUM
Versa Director - Authentication Bypass via 2FA OTP Redirection and Reuse
CVSS 6.3
CVE-2025-48937 MEDIUM
matrix-sdk-crypto <0.11.1-0.12.0 - Info Disclosure
CVSS 4.9
CVE-2025-49004 HIGH
Caido < 0.48.0 - Authentication Bypass and Remote Code Execution via DNS Rebinding
CVSS 7.5
CVE-2025-48906 HIGH
HarmonyOS - Authentication Bypass in DSoftBus Module
CVSS 8.8
CVE-2025-49002 CRITICAL
DataEase < 2.10.10 - Authentication Bypass via Case Insensitivity
CVSS 9.8
CVE-2025-5067 MEDIUM
Google Chrome < 137.0.7151.55 - UI Spoofing via Tab Strip
CVSS 5.4
CVE-2025-48027 MEDIUM
MutonUfoAI pGina.Fork < 3.9.9.12 - Authentication Bypass via DNS Spoofing
CVSS 5.4
CVE-2025-3875 HIGH
Thunderbird < 128.10.0, 128.10.1-128.*, >=138.0.1 - Sender Spoofing via Invalid From Header Parsing
CVSS 7.5
CVE-2025-27695 MEDIUM
Dell Wyse Management Suite < 5.1 - Authentication Bypass by Spoofing
CVSS 4.9
CVE-2025-46345 MEDIUM
Auth0 Account Link Extension <2.6.6 - Info Disclosure
CVE-2025-24091 MEDIUM
iPadOS < 17.7.3 and < 18.3 - Authentication Bypass via System Notification Spoofing
CVSS 5.5
CVE-2025-28128 HIGH
Mytel Telecom Online Account System 1.0 - Authentication Bypass via OTP Verification Spoofing
CVSS 7.0
CVE-2025-32966 CRITICAL
DataEase < 2.10.8 - Authenticated Remote Code Execution via JDBC Link
CVSS 9.8
CVE-2025-29621 HIGH
RosarioSIS v12.0.0 - Info Disclosure
CVSS 7.3
CVE-2025-32788 MEDIUM
OctoPrint <= 1.10.3 - Authentication Bypass via Login Redirect Spoofing
CVSS 4.3
CVE-2025-2188 HIGH
Honor GameCenter < 16.0.23.304 - Authentication Bypass via Whitelist Mechanism
CVSS 8.1
CVE-2025-32012 HIGH
Jellyfin 10.9.0-10.10.6 - Unauthenticated Denial of Service via IP Spoofing
CVSS 7.5
CVE-2025-32275 MEDIUM
Ays Pro Survey Maker <= 5.1.6.3 - Authentication Bypass by Spoofing
CVSS 4.3
CVE-2025-32227 MEDIUM
Asgaros Forum <= 3.0.0 - Authentication Bypass by Spoofing
CVSS 4.3
CVE-2025-31170 HIGH
Huawei EMUI - Authentication Bypass via Security Verification Module
CVSS 8.4
CVE-2025-3029 HIGH
Firefox < 128.9.0 and < 137.0 - Authentication Bypass by Spoofing via Unicode URL
CVSS 7.3
CVE-2025-31122 CRITICAL
scratch-coding-hut.github.io <1.0-beta3 - Auth Bypass