CWE-290: CWE-290

This vulnerability in cpp-httplib allows attackers to inject HTTP headers (REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT) that shadow server-genera...

This vulnerability allows attackers to bypass authentication by spoofing tokens, enabling impersonation attacks on affected My Cloud OS 5 devices. It ...

This vulnerability allows attackers to hijack the HwWatchHealth component on HarmonyOS devices, causing repeated pop-up windows that disrupt normal ap...

CVE-2022-2310 is an authentication bypass vulnerability in Skyhigh Secure Web Gateway (SWG) that allows remote attackers to access the administration ...

CVE-2020-7388 is an unauthenticated remote command execution vulnerability in Sage X3's AdxDSrv.exe component that allows attackers to bypass authenti...

This vulnerability allows attackers to modify trusted SAML responses in Fleet osquery manager, enabling unauthorized logins through SSO authentication...

This vulnerability in OpenStack keystonemiddleware allows authenticated attackers to forge identity headers like X-Is-Admin-Project, X-Roles, or X-Use...

This critical vulnerability in Azure AI Face Service allows attackers to bypass authentication mechanisms by spoofing identity, enabling privilege esc...

This vulnerability in GitLab allows an attacker to trigger CI/CD pipelines as any user under specific conditions, potentially leading to unauthorized ...

A spoofing vulnerability in the WebAuthn component of Firefox for Android allows attackers to potentially impersonate legitimate websites during authe...

An authentication bypass vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to execute arbitrary code on the s...

This CVE describes an authentication bypass vulnerability in QNAP operating systems that allows remote attackers to spoof authentication and access re...

The SWD debug interface on Growatt ShineLan-X communication dongles is enabled by default, allowing attackers to gain debug access to extract secrets ...

Official Document Management System by 2100 Technology has an authentication bypass vulnerability that allows unauthenticated remote attackers to obta...

An authentication bypass vulnerability in Dell PowerProtect Data Domain allows unauthenticated remote attackers to create accounts and bypass protecti...

This CVE describes a code-signing downgrade vulnerability in macOS that allows malicious applications to bypass security restrictions and access prote...

CVE-2023-41591 is an authentication bypass vulnerability in ONOS SDN controller that allows attackers to spoof IP/MAC addresses. This enables man-in-t...

DataEase versions before 2.10.8 contain a vulnerability where authenticated users can achieve remote code execution through the backend JDBC connectio...

This vulnerability allows attackers to bypass multi-factor authentication in TOTVS Framework (Linha Protheus) by sending specially crafted websocket m...

CVE-2024-54085 is a critical authentication bypass vulnerability in AMI's SPx BMC firmware that allows remote attackers to gain unauthorized access th...

CVE-2022-3180 is an unauthenticated privilege escalation vulnerability in the WPGateway WordPress plugin that allows attackers to create administrator...

The Electronic Official Document Management System from 2100 Technology has an authentication bypass vulnerability that allows unauthenticated remote ...

This vulnerability in Mellium XMPP library allows attackers to spoof responses when predictable IDs are used, because the library fails to verify stan...

An authentication bypass vulnerability in Progress Telerik Report Server allows unauthenticated attackers to access restricted functionality. This aff...

This vulnerability allows attackers to spoof their IP address using the x-forwarded-for HTTP header, potentially bypassing authentication in CloudStac...

This vulnerability in ujcms v8.0.2 allows remote attackers to spoof IP addresses via the X-Forwarded-For header, potentially leading to information di...

CVE-2023-30803 is an authentication bypass vulnerability in Sangfor Next-Gen Application Firewall NGAF version 8.0.17. Remote unauthenticated attacker...

CVE-2021-25827 is an authentication bypass vulnerability in Emby Server that allows attackers to bypass login requirements by setting the X-Forwarded-...

This CVE describes an authentication bypass vulnerability in CBOT Chatbot that allows attackers to spoof authentication and gain unauthorized access. ...

CVE-2022-21142 is an authentication bypass vulnerability in a-blog CMS that allows remote unauthenticated attackers to bypass authentication under spe...

CVE-2022-24112 is a critical authentication bypass vulnerability in Apache APISIX's batch-requests plugin that allows attackers to bypass IP restricti...

This vulnerability allows attackers to bypass authentication in the Booster for WooCommerce WordPress plugin by exploiting weak token generation in th...

CVE-2020-22001 is an authentication bypass vulnerability in HomeAutomation 3.3.2 that allows attackers to spoof their IP address using the X-Forwarded...

This vulnerability allows man-in-the-middle attackers to bypass authentication in Germany's Online-Ausweis-Funktion eID scheme, enabling identity thef...

This CVE describes an authentication bypass vulnerability in Stroom data platform when configured with AWS Application Load Balancer (ALB) authenticat...

CVE-2024-54450 is an authentication IP spoofing vulnerability in Kurmi Provisioning Suite where attackers can forge the X-Forwarded-For header to make...

This vulnerability in Mastodon's LDAP authentication allows attackers to impersonate and take over any remote account due to insufficient origin valid...

This vulnerability allows attackers to bypass authentication and take over Grafana accounts when Azure AD OAuth is configured with multi-tenant applic...

This authentication bypass vulnerability in ManageEngine ADSelfService Plus allows attackers to circumvent login protections and gain unauthorized acc...

This vulnerability allows attackers to bypass authentication in the WordPress 'All In One Login' plugin by spoofing identities, enabling unauthorized ...

This vulnerability allows attackers to bypass authentication in OAuth2-Proxy by crafting URLs with query parameters that match regex patterns in the s...

This vulnerability allows attackers to bypass IP-based authentication in ZooKeeper Admin Server by spoofing the X-Forwarded-For HTTP header. It affect...

This CVE describes an authentication bypass vulnerability in Apache SeaTunnel where a hardcoded JWT secret key allows attackers to forge authenticatio...

This vulnerability allows attackers to bypass mTLS authentication to Cloud Foundry applications by crafting specific HTTP requests. It affects deploym...

This vulnerability allows attackers to bypass identity verification in the face unlock module on affected Huawei devices. Successful exploitation coul...

This vulnerability in AMI MegaRAC SPx12 BMC allows attackers to bypass authentication by spoofing HTTP headers, potentially gaining unauthorized acces...

This vulnerability allows unauthenticated attackers to modify session data and escalate privileges to admin access in Zabbix Frontend when SAML SSO au...

This vulnerability in OpenStack Neutron allows attackers controlling a server instance to impersonate hardware addresses (MAC addresses) of other syst...

This vulnerability allows attackers to bypass authentication and gain unauthorized read/write access to industrial controllers by spoofing Modbus comm...