CWE-290
Authentication Bypass by Spoofing
Description
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-21 · CAPEC-22 · CAPEC-459 · CAPEC-461 · CAPEC-473 · CAPEC-476 · CAPEC-59 · CAPEC-60 · CAPEC-667 · CAPEC-94
CVEs mapped to this weakness (280)
page 7 of 14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-11019 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11001 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-47123 | Hig | 0.42 | 7.5 | 0.00 | May 29, 2026 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent (user) replies based on In-Reply-To / References headers. The… | ||
| CVE-2026-8961 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-8951 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151. | ||
| CVE-2026-7507 | Hig | 0.42 | 7.5 | 0.00 | May 19, 2026 | A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the… | ||
| CVE-2026-46356 | Hig | 0.42 | 7.5 | 0.00 | May 14, 2026 | Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against… | ||
| CVE-2026-24899 | Hig | 0.42 | 7.5 | 0.00 | May 14, 2026 | Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS… | ||
| CVE-2026-40460 | Med | 0.42 | 6.5 | 0.00 | May 13, 2026 | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support… | ||
| CVE-2026-3902 | Hig | 0.42 | 7.5 | 0.00 | Apr 7, 2026 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores.… | ||
| CVE-2026-4728 | Med | 0.42 | 6.5 | 0.00 | Mar 24, 2026 | Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | ||
| CVE-2025-10530 | Med | 0.42 | 6.5 | 0.00 | Sep 16, 2025 | Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143. | ||
| CVE-2025-50454 | Med | 0.42 | 6.5 | 0.00 | Aug 5, 2025 | An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials. | ||
| CVE-2025-49004 | Hig | 0.42 | 7.5 | 0.01 | Jun 9, 2025 | Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A… | ||
| CVE-2025-30110 | Med | 0.42 | 6.5 | 0.00 | Mar 18, 2025 | On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass authentication by spoofing an already-paired MAC address that can be captured via an ARP… | ||
| CVE-2024-55470 | Hig | 0.42 | 7.5 | 0.00 | Dec 20, 2024 | Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation… | ||
| CVE-2024-39337 | Med | 0.42 | 6.5 | 0.00 | Jun 24, 2024 | Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass. | ||
| CVE-2024-36588 | Med | 0.42 | 6.5 | 0.00 | Jun 13, 2024 | An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request. | ||
| CVE-2017-12095 | Med | 0.42 | 6.5 | 0.01 | Apr 5, 2018 | An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to… | ||
| CVE-2017-12096 | Med | 0.42 | 6.5 | 0.01 | Nov 7, 2017 | An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to… |
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 7.5epss 0.00
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent (user) replies based on In-Reply-To / References headers. The…
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
- risk 0.42cvss 7.5epss 0.00
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the…
- risk 0.42cvss 7.5epss 0.00
Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against…
- risk 0.42cvss 7.5epss 0.00
Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS…
- risk 0.42cvss 6.5epss 0.00
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support…
- risk 0.42cvss 7.5epss 0.00
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores.…
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
- risk 0.42cvss 6.5epss 0.00
An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.
- risk 0.42cvss 7.5epss 0.01
Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A…
- risk 0.42cvss 6.5epss 0.00
On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass authentication by spoofing an already-paired MAC address that can be captured via an ARP…
- risk 0.42cvss 7.5epss 0.00
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation…
- risk 0.42cvss 6.5epss 0.00
Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass.
- risk 0.42cvss 6.5epss 0.00
An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request.
- risk 0.42cvss 6.5epss 0.01
An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to…
- risk 0.42cvss 6.5epss 0.01
An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to…