VYPR

CWE-290

Authentication Bypass by Spoofing

Base · Incomplete

Description

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-21 · CAPEC-22 · CAPEC-459 · CAPEC-461 · CAPEC-473 · CAPEC-476 · CAPEC-59 · CAPEC-60 · CAPEC-667 · CAPEC-94

CVEs mapped to this weakness (280)

page 7 of 14
  • CVE-2026-11019 · Medium · Jun 4, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11001 · Medium · Jun 4, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-47123 · High · May 29, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent (user) replies based on In-Reply-To / References headers. The…

  • CVE-2026-8961 · Medium · May 19, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8951 · Medium · May 19, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.

  • CVE-2026-7507 · High · May 19, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the…

  • CVE-2026-46356 · High · May 14, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against…

  • CVE-2026-24899 · High · May 14, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS…

  • CVE-2026-40460 · Medium · May 13, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support…

  • CVE-2026-3902 · High · Apr 7, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores.…

  • CVE-2026-4728 · Medium · Mar 24, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2025-10530 · Medium · Sep 16, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.

  • CVE-2025-50454 · Medium · Aug 5, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.

  • CVE-2025-49004 · High · Jun 9, 2025
    risk 0.42 · cvss 7.5 · epss 0.01

    Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A…

  • CVE-2025-30110 · Medium · Mar 18, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass authentication by spoofing an already-paired MAC address that can be captured via an ARP…

  • CVE-2024-55470 · High · Dec 20, 2024
    risk 0.42 · cvss 7.5 · epss 0.00

    Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation…

  • CVE-2024-39337 · Medium · Jun 24, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass.

  • CVE-2024-36588 · Medium · Jun 13, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request.

  • CVE-2017-12095 · Medium · Apr 5, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to set up an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to…

  • CVE-2017-12096 · Medium · Nov 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to set up an Access Point reachable by the device and to…