CWE-290: Authentication Bypass by Spoofing
534 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-290 (page 5 of 11)
- CVE-2023-23398 | HIGH | CVSS 7.1 | EG 7.1 | 2023-03-14
Microsoft Excel Spoofing Vulnerability
- CVE-2023-24892 | HIGH | CVSS 8.2 | EG 7.1 | 2023-03-14
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
- CVE-2023-24935 | MEDIUM | CVSS 6.1 | EG 6.1 | 2023-04-11
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CVE-2023-25743 | HIGH | CVSS 7.5 | EG 7.5 | 2023-06-02
A lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. *This bug only affects Firefox Focus. Other versions of Firefox are unaffected.* This vulnerability affects Fire…
- CVE-2023-27199 | MEDIUM | CVSS 6.7 | EG 6.7 | 2023-07-05
PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.
- CVE-2023-27964 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-06-23
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Blue…
- CVE-2023-2807 | MEDIUM | CVSS 6.4 | EG 6.4 | 2023-06-13
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects Pan…
- CVE-2023-28452 | HIGH | CVSS 7.5 | EG 7.5 | 2024-09-18
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker c…
- CVE-2023-28803 | MEDIUM | CVSS 5.9 | EG 5.9 | 2023-10-23
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.
- CVE-2023-2887 | CRITICAL | CVSS 9.8 | EG 9.1 | 2023-05-25
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
- CVE-2023-29147 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-06-30
In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the …
- CVE-2023-29334 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-04-28
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CVE-2023-30464 | HIGH | CVSS 7.5 | EG 3.7 | 2024-09-18
CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.
- CVE-2023-30803 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-10
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP r…
- CVE-2023-30950 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-08-03
The Foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint.
- CVE-2023-3103 | HIGH | CVSS 8.0 | EG 8.0 | 2023-11-22
Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to co…
- CVE-2023-3128 | CRITICAL | CVSS 9.4 | EG 9.4 | 2023-06-22
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured…
- CVE-2023-31424 | HIGH | CVSS 8.1 | EG 8.1 | 2023-08-31
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.
- CVE-2023-32207 | HIGH | CVSS 8.8 | EG 6.5 | 2023-06-02
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- CVE-2023-3243 | HIGH | CVSS 8.3 | EG 8.3 | 2023-06-28
UNSUPPORTED WHEN ASSIGNED: An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute-force password attack. Impacted pro…
- CVE-2023-33140 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-06-14
Microsoft OneNote Spoofing Vulnerability
- CVE-2023-34157 | CRITICAL | CVSS 10.0 | EG 10.0 | 2023-06-16
Vulnerability of HwWatchHealth being hijacked. Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.
- CVE-2023-34158 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-06-19
Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
- CVE-2023-34160 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-06-19
Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
- CVE-2023-34167 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-06-19
Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
- CVE-2023-34329 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-07-18
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.
- CVE-2023-35392 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-07-21
Microsoft Edge (Chromium-based) Spoofing Vulnerability
- CVE-2023-35622 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-12
Windows DNS Spoofing Vulnerability
- CVE-2023-36769 | MEDIUM | CVSS 4.6 | EG 4.6 | 2023-11-06
Microsoft OneNote Spoofing Vulnerability
- CVE-2023-36883 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-07-14
Microsoft Edge for iOS Spoofing Vulnerability
- CVE-2023-37865 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-06-04
Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Download IP2Location Country Blocker: from n/a through 2…
- CVE-2023-38173 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-07-21
Microsoft Edge for Android Spoofing Vulnerability
- CVE-2023-4001 | MEDIUM | CVSS 6.8 | EG 5.6 | 2024-01-15
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attach…
- CVE-2023-40332 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-06-04
Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse. This issue affects WP-PostRatings: from n/a through 1.91.
- CVE-2023-40356 | HIGH | CVSS 8.7 | EG 0.0 | 2024-07-09
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without req…
- CVE-2023-40702 | HIGH | CVSS 7.7 | EG 0.0 | 2024-07-09
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor mig…
- CVE-2023-41069 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-01-10
This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID.
- CVE-2023-41133 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-13
Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass. This issue affects Secure Admin IP: from n/a through 2.0.
- CVE-2023-41134 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-06-04
Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Antispam Bee: from n/a through 2.11.3.
- CVE-2023-41329 | LOW | CVSS 3.9 | EG 3.9 | 2023-09-06
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in "Preventing proxying to and recording from specific target addresses". These restrictions …
- CVE-2023-41591 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-05-29
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.
- CVE-2023-4178 | CRITICAL | CVSS 9.8 | EG 8.2 | 2023-09-05
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass. This issue affects Neutron Smart VMS: before b1130.1.0.1.
- CVE-2023-4279 | HIGH | CVSS 7.5 | EG 7.5 | 2023-09-04
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
- CVE-2023-4281 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-09-25
This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.
- CVE-2023-42843 | MEDIUM | CVSS 4.3 | EG 7.5 | 2024-02-21
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to addr…
- CVE-2023-42889 | MEDIUM | CVSS 5.5 | EG 5.3 | 2024-02-21
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences.
- CVE-2023-43304 | HIGH | CVSS 8.2 | EG 5.3 | 2023-12-07
An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
- CVE-2023-44117 | HIGH | CVSS 7.5 | EG 7.5 | 2024-01-16
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2023-44447 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-05-03
TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authen…
- CVE-2023-44463 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-10-02
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoo…
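Several entries on this page share one root cause: the application derives the client's identity from an IP address, and takes that address from a header the client controls. CVE-2023-37865 (IP2Location Country Blocker), CVE-2023-41133 (Secure Admin IP) and CVE-2023-41134 (Antispam Bee) use it for access decisions; CVE-2023-4279 and CVE-2023-4281 (the Activity Log plugins) use it for audit logging, so the attacker hides rather than gains access; CVE-2023-44463 (pretix) trusted X-Forwarded-For because of a configuration-parsing bug. The block below is an added example written for this page, not code from any of those projects. It contrasts a naive client-IP function with one that only honours X-Forwarded-For when the TCP peer is a configured reverse proxy and then walks the chain from the right. The proxy range, the admin allowlist and the three request scenarios are constructed (RFC 5737 documentation addresses).

```python
"""Client-address derivation behind the CWE-290 entries above.

Constructed example; not code from IP2Location Country Blocker, Secure
Admin IP, Antispam Bee, the Activity Log plugins or pretix. The network
ranges, the admin allowlist and the sample requests are hypothetical.
"""
import ipaddress

# Hypothetical deployment: reverse proxies live in 10.0.0.0/8 and the
# admin UI is restricted to the office range 203.0.113.0/24.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
ADMIN_ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]


def _in_any(addr_text, networks):
    """True if addr_text parses as an IP address inside one of networks."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def _header(headers, name):
    """Case-insensitive lookup on a plain dict; HTTP field names are case-insensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return ""


def client_ip_naive(peer_addr, headers):
    """Vulnerable: believes the first X-Forwarded-For hop from whoever sent it.

    Any client can attach 'X-Forwarded-For: <allowlisted address>' and be
    treated as that address, both for access control and in audit logs.
    """
    xff = _header(headers, "X-Forwarded-For")
    if xff.strip():
        return xff.split(",")[0].strip()
    return peer_addr


def client_ip_hardened(peer_addr, headers):
    """Consult X-Forwarded-For only when the connection came from a trusted proxy.

    Proxies append the peer they saw to the right of the chain, so anything
    the client injected sits on the left. Walk from the right and return the
    first hop that is not one of our own proxies.
    """
    if not _in_any(peer_addr, TRUSTED_PROXIES):
        return peer_addr  # direct connection: the header is attacker-controlled
    hops = [h.strip() for h in _header(headers, "X-Forwarded-For").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed chain: fall back rather than guess
        if not _in_any(hop, TRUSTED_PROXIES):
            return hop
    return peer_addr  # header absent, or every hop was one of ours


def admin_allowed(ip_text):
    """Allowlist check shared by both variants."""
    return _in_any(ip_text, ADMIN_ALLOWLIST)


def demo():
    """Three constructed requests; returns {name: (naive_allowed, hardened_allowed)}."""
    cases = {
        # Attacker connects straight to the app and forges the header.
        "direct_forged": ("198.51.100.7", {"X-Forwarded-For": "203.0.113.5"}),
        # Office user through the proxy; the proxy appended the real peer.
        "via_proxy_legit": ("10.0.0.2", {"X-Forwarded-For": "203.0.113.5"}),
        # Attacker through the proxy with a forged header the proxy appended to.
        "via_proxy_forged": ("10.0.0.2", {"X-Forwarded-For": "203.0.113.5, 198.51.100.7"}),
    }
    return {
        name: (admin_allowed(client_ip_naive(peer, hdrs)),
               admin_allowed(client_ip_hardened(peer, hdrs)))
        for name, (peer, hdrs) in cases.items()
    }


if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(name, "naive:", naive, "hardened:", hardened)
```

The trusted-proxy list must describe the real network path: if the application is reachable directly as well as through the proxy, the peer check is what stops the header from being forged, and if a CDN sits in front of the proxy its egress ranges have to be in the list too, or every request will resolve to the CDN's address.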
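The Grafana entry above (CVE-2023-3128) is the identity-provider variant of the same weakness: the account was matched on the `email` claim of an Azure AD token, a field that is neither unique nor immutable, so a second Azure AD user who set their profile email to the victim's address was logged in as the victim. The block below is an added example written for this page, not Grafana's code. It assumes the ID token has already been signature-verified by your OIDC library and works on the resulting claims dict; the claim names (`iss`, `tid`, `oid`, `sub`, `email`) are standard Azure AD claims, while the tenant id, the in-memory user store, the usernames and the provisioning scheme are invented.

```python
"""Account linking from a verified Azure AD / OIDC ID token, after CVE-2023-3128.

Constructed example; not Grafana's code. The claims dict is assumed to come
from a library that already checked the token signature and expiry. The
tenant id, user store and usernames below are invented.
"""

# Hypothetical single-tenant deployment.
EXPECTED_TENANT = "11111111-1111-1111-1111-111111111111"
EXPECTED_ISSUER = f"https://login.microsoftonline.com/{EXPECTED_TENANT}/v2.0"


class UserStore:
    """In-memory stand-in for the application's user table."""

    def __init__(self):
        self.by_subject = {}  # (issuer, oid) -> username
        self.by_email = {}    # lower-cased email -> username

    def add(self, username, email, issuer, oid):
        self.by_subject[(issuer, oid)] = username
        self.by_email[email.lower()] = username
        return username


def _subject(claims):
    """Pin issuer and tenant, then return the stable subject or None.

    In Azure AD, `oid` is the directory object id and is the same for a user
    across applications; `sub` is kept as a fallback for issuers without it.
    """
    if claims.get("iss") != EXPECTED_ISSUER or claims.get("tid") != EXPECTED_TENANT:
        return None
    return claims.get("oid") or claims.get("sub") or None


def login_by_email(store, claims):
    """Vulnerable: matches an existing account on the email claim.

    The Azure AD profile email is not unique and can be changed by the
    account owner, so it identifies nobody in particular.
    """
    return store.by_email.get(claims.get("email", "").lower())


def login_by_subject(store, claims):
    """Hardened: only an account previously bound to (issuer, oid) logs in."""
    subject = _subject(claims)
    if subject is None:
        return None
    return store.by_subject.get((claims["iss"], subject))


def provision_or_login(store, claims):
    """Hardened first-login flow: bind on subject, never adopt an account by email.

    Returns the username, or None when the token is rejected or the email is
    already owned by an account with a different subject (linking those is an
    explicit administrative step, not something a login should do).
    """
    subject = _subject(claims)
    if subject is None:
        return None
    existing = store.by_subject.get((claims["iss"], subject))
    if existing:
        return existing
    email = claims.get("email", "").lower()
    if not email or email in store.by_email:
        return None
    # Constructed username scheme: email local part plus an oid prefix.
    username = f"{email.split('@')[0]}-{subject[:8]}"
    return store.add(username, email, claims["iss"], subject)


def build_store():
    """Victim account, constructed."""
    store = UserStore()
    store.add("alice", "alice@example.com", EXPECTED_ISSUER,
              "aaaaaaaa-0000-0000-0000-000000000001")
    return store


def attacker_claims():
    """Token for a different Azure AD user who set their profile email to alice's."""
    return {"iss": EXPECTED_ISSUER, "tid": EXPECTED_TENANT,
            "oid": "bbbbbbbb-0000-0000-0000-000000000002",
            "email": "alice@example.com"}


def demo():
    """Outcome of the attacker's token under each linking strategy."""
    store = build_store()
    return {
        "email_based": login_by_email(store, attacker_claims()),
        "subject_based": login_by_subject(store, attacker_claims()),
        "provisioning": provision_or_login(store, attacker_claims()),
    }


if __name__ == "__main__":
    for strategy, user in demo().items():
        print(f"{strategy}: {user}")
```

The same rule applies to any identity provider: the key for an account is the pair (issuer, stable subject identifier), and a human-readable attribute such as email may be displayed or used to seed a new account, but never to select an existing one.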
Map vulnerabilities like CWE-290 to your infrastructure
EchelonGraph correlates every CVE — across CWE-290 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.