VYPR

CWE-290

Authentication Bypass by Spoofing

BaseIncomplete

Description

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-21 · CAPEC-22 · CAPEC-459 · CAPEC-461 · CAPEC-473 · CAPEC-476 · CAPEC-59 · CAPEC-60 · CAPEC-667 · CAPEC-94

CVEs mapped to this weakness (280)

page 3 of 14
  • CVE-2026-0834HigJan 21, 2026
    risk 0.57cvss 8.8epss 0.00

    Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can…

  • CVE-2026-22797CriJan 19, 2026
    risk 0.57cvss 9.9epss 0.01

    An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0…

  • CVE-2025-11843HigOct 31, 2025
    risk 0.57cvss epss 0.00

    Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API…

  • CVE-2024-50380HigDec 2, 2024
    risk 0.57cvss epss 0.00

    Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device.

  • CVE-2023-40356HigJul 9, 2024
    risk 0.57cvss epss 0.00

    PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from…

  • CVE-2026-22734HigApr 17, 2026
    risk 0.56cvss 8.6epss 0.00

    Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that…

  • CVE-2025-7448HigSep 12, 2025
    risk 0.56cvss epss 0.00

    Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack

  • CVE-2024-30191HigApr 9, 2024
    risk 0.55cvss 8.4epss 0.00

    A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA…

  • CVE-2025-25182CriFeb 12, 2025
    risk 0.54cvss 9.4epss 0.01

    Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a…

  • CVE-2017-8422HigMay 17, 2017
    risk 0.54cvss 7.8epss 0.02

    KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

  • CVE-2026-49757CriJun 15, 2026
    risk 0.53cvss epss 0.01

    Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address (an upsert on the email field, or a…

  • CVE-2025-67298HigMar 11, 2026
    risk 0.53cvss 8.1epss 0.00

    An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile

  • CVE-2025-71056HigFeb 23, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.

  • CVE-2025-61778CriOct 6, 2025
    risk 0.53cvss epss 0.00

    Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our `akka.remote.dot-netty.tcp` transport and this would correctly enforce private key validation on the server-side of…

  • CVE-2025-56449HigSep 29, 2025
    risk 0.53cvss 8.2epss 0.00

    A security vulnerability was identified in Obsidian Scheduler's REST API 5.0.0 thru 6.3.0. If an account is locked out due to not enrolling in MFA (e.g. after the 7-day enforcement window), the REST API still allows the use of Basic Authentication to authenticate and perform…

  • CVE-2026-54782criJun 19, 2026
    risk 0.52cvss epss

    ### Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. #### Preconditions Relying-party service is hosted…

  • CVE-2026-49468criJun 16, 2026
    risk 0.52cvss epss 0.01

    ### Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from `request.url.path` in `litellm/proxy/auth/auth_utils.py::get_request_route()…

  • CVE-2026-48063criJun 10, 2026
    risk 0.52cvss epss 0.00

    ### Impact Any baileys session under the latest version (< 7.0.0-rc12, and < 6.7.22) can be sent a malicious payload via the placeholderResendMessage and trigger a fake `messages.upsert` event with a **fake message key and payload**. This allows anyone to spoof messages. The…

  • CVE-2026-42354CriMay 8, 2026
    risk 0.52cvss 9.1epss 0.01

    Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious…

  • CVE-2026-40575CriApr 22, 2026
    risk 0.52cvss 9.1epss 0.00

    OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route` is configured. An attacker can…