Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-290

CWE-290

Authentication Bypass by Spoofing

Parent: CWE-1390 - Weak Authentication

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

575 vulnerabilities with CWE-290

CVE-2024-13685 MEDIUM

Admin and Site Enhancements WordPress Plugin < 7.6.10 - Authentication Bypass via IP Header Spoofing

CVE-2024-36557 MEDIUM

Forever KidsWatch Call Me KW50 and KW60 - Authentication Bypass via IMEI Spoofing

CVE-2024-55925 HIGH

Xerox Workplace Suite - Auth Bypass

CVE-2024-13061 CRITICAL

Electronic Official Document Management System - Auth Bypass

CVE-2024-12108 CRITICAL

WhatsUp Gold 23.1.0-24.0.1 - Authentication Bypass via Public API

CVE-2024-54450 CRITICAL

Kurmi Provisioning Suite 7.9.0.33 - Info Disclosure

CVE-2024-55470 HIGH

Oqtane Framework 6.0.0 - Authentication Bypass via EntityID Parameter Spoofing

CVE-2024-55232 MEDIUM

PHPGurukul Online Notes Sharing Management System 1.0 - Insecure Direct Object Reference

CVE-2024-54158 LOW

JetBrains YouTrack <2024.3.52635 - Open Redirect

CVE-2024-50380 HIGH

Snap One OVRC cloud < 7.3 - Authentication Bypass via MAC Address Spoofing

CVE-2024-53862 HIGH

Argo Workflows 3.5.7-3.5.12 - Unauthenticated Workflow Archive Access via Spoofed Token

CVE-2024-36466 HIGH

Zabbix 6.0.0-6.0.31 - Authentication Bypass via Forged zbx_session Cookie

CVE-2024-11701 MEDIUM

Firefox < 133 and Thunderbird < 133 - Authentication Bypass by Spoofing via Address Bar Display

CVE-2024-11692 MEDIUM

Firefox < 133 and ESR < 128.5 - Authentication Bypass by Spoofing via Select Dropdown Overlay

CVE-2024-8935 HIGH

Schneider Electric Modicon M340 CPU, MC80, Momentum Unity M1E - Authentication Bypass via Man-In-The-Middle Attack

CVE-2024-51504 CRITICAL

Apache ZooKeeper 3.9.0-3.9.2 - Authentication Bypass by Spoofing via X-Forwarded-For Header

CVE-2024-51406 MEDIUM

Floodlight SDN Open Flow Controller 1.2 - Authentication Bypass by Spoofing via Fake LLDP Packets

CVE-2024-10465 MEDIUM

Firefox < 132 and ESR < 128.4 - Authentication Bypass by Spoofing via Persistent Clipboard Paste Button

CVE-2024-10462 MEDIUM

Firefox < 132 and ESR < 128.4 - Origin Spoofing via Truncated URL in Permission Prompt

CVE-2024-20384 MEDIUM

Cisco ASA Software - Unauthenticated Access Control Bypass via ACL Logic Error

CVE-2024-20299 MEDIUM

Cisco ASA Software Unauthenticated ACL Bypass via AnyConnect

CVE-2024-20297 MEDIUM

Cisco Adaptive Security Appliance Software - Unauthenticated Access Control List Bypass via AnyConnect Session

CVE-2024-8901 HIGH

AWS ALB Route Directive Adapter For Istio - Auth Bypass

CVE-2024-10125 HIGH

Amazon.ApplicationLoadBalancer.Identity.AspNetCore - Info Disclosure

CVE-2024-49214 MEDIUM

HAProxy <3.1-dev7, <3.0.5, <2.9.11 - SSRF

Previous Page 9 of 23 Next

Details

Vulnerabilities 575

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy