CWE-290
Authentication Bypass by Spoofing
Description
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-21 · CAPEC-22 · CAPEC-459 · CAPEC-461 · CAPEC-473 · CAPEC-476 · CAPEC-59 · CAPEC-60 · CAPEC-667 · CAPEC-94
CVEs mapped to this weakness (280)
page 1 of 14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48567 | Cri | 0.65 | 10.0 | 0.01 | Jun 4, 2026 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2026-6213 | — | Cri | 0.65 | — | 0.00 | May 8, 2026 | A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated… | |
| CVE-2025-9265 | Cri | 0.65 | — | 0.00 | Oct 13, 2025 | A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in… | ||
| CVE-2025-34063 | Cri | 0.65 | — | 0.01 | Jul 1, 2025 | A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens… | ||
| CVE-2026-36537 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this… | ||
| CVE-2026-44183 | — | Cri | 0.64 | 9.8 | 0.00 | May 12, 2026 | Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the… | |
| CVE-2021-47923 | Cri | 0.64 | 9.8 | 0.00 | May 10, 2026 | OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover… | ||
| CVE-2018-25318 | Cri | 0.64 | 9.8 | 0.01 | Apr 29, 2026 | Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin… | ||
| CVE-2018-25317 | Cri | 0.64 | 9.8 | 0.01 | Apr 29, 2026 | Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns… | ||
| CVE-2018-25316 | Cri | 0.64 | 9.8 | 0.01 | Apr 29, 2026 | Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language… | ||
| CVE-2025-59707 | — | Cri | 0.64 | 9.8 | 0.01 | Mar 25, 2026 | In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability. | |
| CVE-2025-59706 | — | Cri | 0.64 | 9.8 | 0.01 | Mar 25, 2026 | In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution. | |
| CVE-2026-2800 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | ||
| CVE-2020-37056 | Cri | 0.64 | 9.8 | 0.01 | Jan 30, 2026 | Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent… | ||
| CVE-2025-8853 | Cri | 0.64 | 9.8 | 0.01 | Aug 11, 2025 | Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user. | ||
| CVE-2025-1298 | — | Cri | 0.64 | 9.8 | 0.00 | Feb 14, 2025 | Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover. | |
| CVE-2024-13061 | Cri | 0.64 | 9.8 | 0.01 | Dec 31, 2024 | The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens… | ||
| CVE-2024-46957 | Cri | 0.64 | 9.8 | 0.01 | Sep 25, 2024 | Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0. | ||
| CVE-2023-4178 | Cri | 0.64 | 9.8 | 0.01 | Sep 5, 2023 | Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1. | ||
| CVE-2023-2887 | Cri | 0.64 | 9.8 | 0.01 | May 25, 2023 | Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. |
- risk 0.65cvss 10.0epss 0.01
Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.
- risk 0.65cvss —epss 0.00
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated…
- risk 0.65cvss —epss 0.00
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in…
- risk 0.65cvss —epss 0.01
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens…
- risk 0.64cvss 9.8epss 0.01
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this…
- risk 0.64cvss 9.8epss 0.00
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the…
- risk 0.64cvss 9.8epss 0.00
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover…
- risk 0.64cvss 9.8epss 0.01
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin…
- risk 0.64cvss 9.8epss 0.01
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns…
- risk 0.64cvss 9.8epss 0.01
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language…
- risk 0.64cvss 9.8epss 0.01
In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability.
- risk 0.64cvss 9.8epss 0.01
In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution.
- risk 0.64cvss 9.8epss 0.00
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
- risk 0.64cvss 9.8epss 0.01
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent…
- risk 0.64cvss 9.8epss 0.01
Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user.
- risk 0.64cvss 9.8epss 0.00
Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.
- risk 0.64cvss 9.8epss 0.01
The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens…
- risk 0.64cvss 9.8epss 0.01
Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0.
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1.
- risk 0.64cvss 9.8epss 0.01
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.