Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290

CVE-2025-22223 MEDIUM

Spring Security 6.4.0-6.4.3 - Auth Bypass

CVE-2025-30144 MEDIUM

fast-jwt < 5.0.6 - Authentication Bypass via Issuer Claim Spoofing

CVE-2025-30142 HIGH

G-Net Dashcam BB GONX - Auth Bypass

CVE-2025-30110 MEDIUM

IROAD X5 - Authentication Bypass via MAC Address Spoofing

CVE-2025-27616 HIGH

go-vela/server < 0.25.3 and 0.26.0-0.26.3 - Repository Ownership Transfer via Spoofed Webhook Payload

CVE-2025-26696 HIGH

Thunderbird < 128.8.0 and 128.8-128.* and >=136 - Authentication Bypass by Spoofing via OpenPGP Message Type

CVE-2025-27671 CRITICAL

Vasion Print < 20.0.1923 and Virtual Appliance < 22.0.843 - Device Impersonation

CVE-2025-22271 MEDIUM

CyberArk Endpoint Privilege Manager <24.7.1 - SSRF

CVE-2025-25055 MEDIUM

FileMegane >1.0.0.0 <3.4.0.0 - Auth Bypass

CVE-2025-1298 CRITICAL

com.transsion.carlcare - Info Disclosure

CVE-2025-25182 CRITICAL

Stroom <7.2.24, 7.3-beta.22, 7.4.4, 7.5-beta.2 - Auth Bypass

CVE-2025-1104 HIGH

D-Link DHP-W310AV 1.04 - Authentication Bypass by Spoofing

CVE-2025-21415 CRITICAL

Azure AI Face Service - Authentication Bypass by Spoofing

CVE-2025-24628 MEDIUM

BestWebSoft Google Captcha <1.78 - Auth Bypass

CVE-2025-24458 HIGH

JetBrains YouTrack < 2024.3.55417 - Account Takeover via Spoofed Email and Helpdesk Integration

CVE-2025-0442 MEDIUM

Google Chrome < 132.0.6834.83 - UI Spoofing via Payments Implementation

CVE-2025-0440 MEDIUM

Google Chrome < 132.0.6834.83 - UI Spoofing via Fullscreen Implementation

CVE-2024-1524 HIGH

WSO2 API Manager 4.2.0-4.2.0.107 and Identity Server 6.0.0-6.0.0.170 - Authentication Bypass via Silent JIT Provisioning

CVE-2024-8273 HIGH

hypr_server < 10.1.0 - Authentication Bypass by Spoofing

CVE-2024-55210 CRITICAL

TOTVS Framework (Linha Protheus) 12.1.2310 - Authentication Bypass via WebSocket Message

CVE-2024-58127 HIGH

Huawei EMUI - Authentication Bypass via Security Verification Module

CVE-2024-58126 HIGH

Huawei EMUI - Authentication Bypass via Security Verification Module

CVE-2024-58125 HIGH

Huawei EMUI - Authentication Bypass via Security Verification Module

CVE-2024-58124 HIGH

Huawei EMUI and HarmonyOS - Authentication Bypass via Security Verification Module

CVE-2024-54085 CRITICAL KEV

AMI MegaRAC SP-X 12-12.7 - Unauthenticated Authentication Bypass via Redfish Host Interface

Previous Page 8 of 23 Next

Details

Vulnerabilities 575

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy