VYPR

CWE-290

Authentication Bypass by Spoofing

BaseIncomplete

Description

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-21 · CAPEC-22 · CAPEC-459 · CAPEC-461 · CAPEC-473 · CAPEC-476 · CAPEC-59 · CAPEC-60 · CAPEC-667 · CAPEC-94

CVEs mapped to this weakness (280)

page 6 of 14
  • CVE-2026-53823HigJun 12, 2026
    risk 0.46cvss 8.1epss 0.00

    OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potentially gaining unauthorized agent access…

  • CVE-2026-42602HigMay 13, 2026
    risk 0.46cvss 8.1epss 0.00

    azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate…

  • CVE-2026-39959HigApr 9, 2026
    risk 0.46cvss 7.1epss 0.00

    Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file…

  • CVE-2025-37147HigOct 14, 2025
    risk 0.46cvss 7.1epss 0.00

    A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerability to run modified or…

  • CVE-2025-26696HigMar 10, 2025
    risk 0.46cvss 7.0epss 0.00

    Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.

  • CVE-2024-33531HigApr 24, 2024
    risk 0.46cvss 8.1epss 0.01

    cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM.

  • CVE-2023-23398HigMar 14, 2023
    risk 0.46cvss 7.1epss 0.01

    Microsoft Excel Spoofing Vulnerability

  • CVE-2017-16897HigDec 27, 2017
    risk 0.46cvss 8.1epss 0.01

    A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response…

  • CVE-2026-6090HigJun 10, 2026
    risk 0.45cvss 7.0epss 0.00

    A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.

  • CVE-2025-34065MedJul 1, 2025
    risk 0.45cvss epss 0.01

    An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.

  • CVE-2025-34053MedJul 1, 2025
    risk 0.45cvss epss 0.01

    An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.

  • CVE-2025-22271MedFeb 28, 2025
    risk 0.45cvss epss 0.00

    The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version…

  • CVE-2018-25361MedMay 25, 2026
    risk 0.44cvss 6.8epss 0.00

    Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's…

  • CVE-2026-44118HigMay 6, 2026
    risk 0.44cvss 7.8epss 0.00

    OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata.

  • CVE-2026-32229MedMar 11, 2026
    risk 0.44cvss 6.8epss 0.00

    In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled

  • CVE-2026-53833HigJun 12, 2026
    risk 0.43cvss 7.7epss 0.00

    OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin…

  • CVE-2026-53832HigJun 12, 2026
    risk 0.43cvss 7.7epss 0.00

    OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity headers to assume operator identity and…

  • CVE-2024-36557MedFeb 6, 2025
    risk 0.43cvss 6.6epss 0.00

    The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b. If a malicious user changes the IMEI to the IMEI of a unit they registered in…

  • CVE-2026-42662MedJun 15, 2026
    risk 0.42cvss 6.5epss 0.00

    Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.

  • CVE-2026-5792MedJun 12, 2026
    risk 0.42cvss 6.5epss 0.00

    Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force. This issue affects Related Marketing Cloud (RMC): through 12052026.