CWE-290: Authentication Bypass by Spoofing
All CWE-290 CVEs (167)
Jun 2, 2023: This vulnerability in Firefox, Firefox ESR, and Thunderbird allows attackers to bypass popup notification delays, tricking users into granting permiss...
Jul 8, 2022: This vulnerability allows authenticated users to impersonate other users by sending specially crafted requests to IBM WebSphere Application Server Lib...
Feb 3, 2023: Parse Server versions before 5.4.1 incorrectly trust the x-forwarded-for header to determine client IP addresses when not behind a proxy. This allows ...
Apr 7, 2025: This CVE describes an access control vulnerability in Huawei's security verification module that allows attackers to bypass authentication mechanisms....
Apr 7, 2025: This CVE describes an access control vulnerability in Huawei's security verification module that allows attackers to bypass authentication mechanisms....
Apr 7, 2025: This CVE describes an authentication bypass vulnerability in Huawei's security verification module that allows attackers to circumvent access controls...
Apr 9, 2024: This vulnerability affects multiple Siemens SCALANCE industrial wireless access points. A physically proximate attacker can trick affected devices int...
Nov 22, 2023: This vulnerability allows attackers to spoof legitimate VMS servers in Network Optix NxCloud, enabling them to intercept authorization headers from le...
Aug 17, 2021: This vulnerability in ThroughTek's Kalay Platform 2.0 allows attackers to impersonate any ThroughTek IoT device using a valid 20-byte UID. This enable...
Feb 25, 2026: This vulnerability in Hono framework versions 4.12.0-4.12.1 allows attackers to bypass IP-based access controls when using the AWS Lambda adapter behi...
Nov 6, 2025: This vulnerability allows attackers to spoof the URL bar (Omnibox) in Google Chrome on Android, making malicious websites appear legitimate. Users of ...
Sep 29, 2025: This vulnerability allows attackers to bypass MFA enforcement in Obsidian Scheduler by using Basic Authentication through the REST API even when accou...
Feb 6, 2024: CVE-2024-22519 is an authentication bypass vulnerability in OpenDroneID OSM 3.5.1 that allows attackers to impersonate legitimate drones by sending cr...
Dec 7, 2023: This vulnerability in the PARK DANDAN mini-app on Line v13.6.1 allows attackers to send malicious notifications by exploiting a leaked channel access ...
Feb 13, 2026: This vulnerability allows attackers to bypass Caido's domain whitelist protection by injecting a malicious X-Forwarded-Host header, enabling unauthori...
Jan 10, 2026: This vulnerability allows attackers to bypass authentication in Apache NimBLE by sending specially crafted Security Request packets. An attacker can r...
Mar 18, 2025: This vulnerability allows attackers to bypass authentication on G-Net Dashcam BB GONX devices by spoofing the MAC address of a previously paired devic...
Jul 19, 2024: CVE-2024-41107 is an authentication bypass vulnerability in Apache CloudStack's SAML authentication feature. When SAML authentication is enabled, atta...
Apr 24, 2024: This vulnerability in lua-resty-jwt 0.2.3 allows attackers to bypass JWT signature verification by crafting a JWT with an 'enc' header set to 'A256GCM...
Aug 31, 2023: This vulnerability allows remote unauthenticated attackers to bypass authentication and authorization mechanisms in Brocade SANnav's web interface. Af...
Jul 28, 2022: This vulnerability allows attackers to bypass authentication on Saia Burgess Controls (SBC) PCD controllers by spoofing UDP traffic on port 5050. Orga...
Nov 22, 2023: This CVE describes an authentication bypass vulnerability in Unitree Robotics A1 robots that allows a local attacker to perform a Man-in-the-Middle (M...
Jan 14, 2026: A local authentication bypass vulnerability in ThinkPlus configuration software allows authenticated users to enroll untrusted fingerprints on ThinkPl...
Dec 4, 2025: This vulnerability allows local attackers to bypass authentication in Thermo Fisher Torrent Suite Django application by spoofing localhost IP addresse...
Feb 24, 2026: This vulnerability allows a malicious actor to take over local user accounts when federated authentication with Silent Just-In-Time Provisioning is en...
Apr 2, 2024: This vulnerability in OpenHarmony allows remote attackers to bypass permission verification and install applications without proper authorization, tho...
Feb 20, 2026: This vulnerability allows attackers to bypass authentication and spoof identities in the WooODT Lite WordPress plugin. It affects all WooCommerce site...
Feb 3, 2026: This vulnerability allows attackers to bypass IP-based access controls in RustFS by spoofing their IP address using HTTP headers. Any client that can ...
Dec 11, 2025: This vulnerability in Foxit PDF Editor and Reader allows attackers to modify the visual content of digitally signed PDFs without invalidating the sign...
Dec 9, 2025: CVE-2025-66507 is an authentication bypass vulnerability in 1Panel that allows unauthenticated attackers to disable CAPTCHA verification by manipulati...
Dec 9, 2025: This vulnerability allows attackers to spoof download notifications in Firefox and Thunderbird, potentially tricking users into executing malicious fi...
Nov 10, 2025: A high-severity object lifecycle vulnerability in Google Chrome allows remote attackers to perform UI spoofing via crafted HTML pages. This enables at...
Nov 6, 2025: This vulnerability allows attackers to spoof AnyDesk IDs when connections are established via IP addresses, enabling impersonation of legitimate remot...
Aug 25, 2025: Arista EOS devices accept malicious UDP packets on port 3503 (LspPing Echo Reply), potentially allowing attackers to trigger unexpected behaviors in U...
Jan 23, 2025: This vulnerability allows attackers to bypass API host restrictions in Xerox Workplace Suite by forging Host headers. Attackers can access sensitive A...
Dec 20, 2024: CVE-2024-55470 allows attackers to bypass authentication in Oqtane Framework by manipulating the entityid parameter, enabling unauthorized login and a...
Oct 22, 2024: This vulnerability in the AWS ALB Identity ASP.NET Core middleware allows attackers to forge valid OIDC sessions when infrastructure is misconfigured....
Oct 12, 2024: This vulnerability in Zendesk allows attackers to read private ticket history by spoofing email addresses. Attackers can exploit insufficient email sp...
Sep 18, 2024: This vulnerability in CoreDNS allows attackers to perform DNS cache poisoning attacks using a birthday attack technique. Attackers can inject fake DNS...
Sep 18, 2024: CVE-2023-28452 is a DNS resolver vulnerability in CoreDNS that allows attackers to cause denial of service by sending forged DNS responses that cause ...
Jun 5, 2024: This vulnerability in OpenShift's Telemeter allows attackers to bypass JWT authentication by using forged tokens that evade issuer validation checks. ...
Jan 16, 2024: This vulnerability involves inaccurate trust relationships in distributed systems, potentially allowing unauthorized access to sensitive information. ...
Jun 2, 2023: This vulnerability in Firefox Focus allows malicious websites to spoof browser interface elements by entering fullscreen mode without proper user noti...
Jun 29, 2021: This vulnerability in Tor allows attackers to forge RELAY_END or RELAY_RESOLVED messages to bypass access controls for ending streams. It affects Tor ...
Jun 8, 2021: CVE-2021-28810 is an authentication bypass vulnerability in QNAP NAS devices running Roon Server that allows attackers to access restricted resources ...
Dec 21, 2025: Yealink RPS (Remote Provisioning Service) before June 27, 2025 allows unauthorized access to sensitive information including AutoP URL addresses due t...
Mar 6, 2022: CVE-2022-26505 is a DNS rebinding vulnerability in ReadyMedia (formerly MiniDLNA) that allows a malicious web server to bypass same-origin policy and ...
Apr 1, 2025: This vulnerability allows attackers to craft URLs with specific Unicode characters that hide the true origin of web pages, enabling spoofing attacks. ...
Aug 8, 2025: CVE-2025-36119 is a web session hijacking vulnerability in IBM Digital Certificate Manager for i (DCM) that allows authenticated non-administrator use...
Jan 21, 2025: This vulnerability in JetBrains YouTrack allows attackers to take over user accounts by spoofing email addresses and exploiting the Helpdesk integrati...
About CWE-290
Our database tracks 167 CVEs classified as CWE-290, with 49 rated critical and 53 rated high severity. The average CVSS score for CWE-290 vulnerabilities is 7.5.
External reference: View CWE-290 on MITRE CWE