CWE-290: CWE-290
All CWE-290 CVEs (168)
This vulnerability in JetBrains YouTrack allows attackers to take over user accounts by spoofing email addresses and exploiting the Helpdesk integrati...
Jan 21, 2025

CVE-2021-31172 is a spoofing vulnerability in Microsoft SharePoint Server that allows an attacker to trick users into performing actions they didn't i...
May 11, 2021

This vulnerability in Thunderbird email client incorrectly displays signed OpenPGP messages as encrypted messages when crafted MIME emails claim to co...
Mar 10, 2025

This vulnerability allows a physically proximate attacker to boot affected Entrust nShield HSM devices from a USB device with a valid root filesystem,...
Dec 2, 2025

This vulnerability allows attackers with root privileges inside any LXD container to spoof their process names to impersonate other containers. This e...
Oct 2, 2025

OpenClaw versions before 2026.2.14 have an authorization bypass vulnerability where Telegram allowlist matching uses mutable usernames instead of immu...
Mar 5, 2026

CVE-2025-60538 is an authentication bypass vulnerability in shiori bookmark manager versions 1.7.4 and below. Attackers can brute force login credenti...
Jan 9, 2026

This CVE describes an authentication bypass vulnerability in n8n's Stripe Trigger node that allows unauthenticated attackers to trigger workflows by s...
Jan 8, 2026

This vulnerability in 1Panel allows attackers to bypass IP-based access controls by spoofing the X-Forwarded-For header. Any client can pretend to be ...
Dec 9, 2025

This vulnerability allows unauthenticated attackers to join arbitrary organizations in GitLab by manipulating HTTP headers on certain requests. It aff...
Nov 26, 2025

The Alt Redirect 1.6.3 addon for Statamic fails to properly sanitize query string parameters when the 'Query String Strip' feature is enabled, allowin...
Oct 10, 2025

A spoofing vulnerability in Firefox for Android's WebAuthn component allows attackers to bypass authentication by presenting fake credentials. This af...
Sep 16, 2025

An authentication bypass vulnerability in Blue Access' Cobalt X1 software allows unauthorized attackers to log into the application as administrators ...
Aug 5, 2025

The fast-jwt library prior to version 5.0.6 improperly validates JWT issuer claims, allowing attackers to forge tokens by including both legitimate an...
Mar 19, 2025

This vulnerability allows attackers to send excessive password reset emails to legitimate users by exploiting missing rate limiting in the Forgot Pass...
Feb 20, 2025

This vulnerability allows attackers to send excessive password reset emails to legitimate users by exploiting missing rate limiting in the Forgot Pass...
Feb 20, 2025

This vulnerability allows attackers to spoof website origins in permission prompts by truncating long URLs, potentially tricking users into granting p...
Oct 29, 2024

This vulnerability allows attackers to bypass multi-factor authentication in WS_FTP Server's Web Transfer Module. Users can log in with only username ...
Aug 28, 2024

This vulnerability in Annonshop.app's anonymousLocker component allows attackers to send messages that appear to come from arbitrary users by crafting...
Jun 13, 2024

This vulnerability allows attackers on the same network to access the TP-Link TL-WR902AC router's web interface without authentication and retrieve st...
May 3, 2024

Signal K Server versions before 2.19.0 have vulnerabilities that allow attackers to craft convincing social engineering attacks against administrators...
Jan 1, 2026

This vulnerability allows attackers to forge signatures on nested JAR files in Spring Boot applications, making malicious content appear signed by tru...
Aug 23, 2024

This vulnerability allows an authenticated attacker to bypass two-factor authentication (2FA) in Devolutions Server by using another browser tab to au...
Jun 25, 2024

CVE-2024-51406 is an authentication bypass vulnerability in Floodlight SDN OpenFlow Controller v1.2 where local hosts can craft fake LLDP packets to m...
Nov 1, 2024

This vulnerability in Openfire's SASL EXTERNAL authentication allows attackers to impersonate legitimate users by crafting malicious X.509 certificate...
Sep 15, 2025

A logic error in Cisco ASA and FTD software's Network Service Group ACL implementation allows unauthenticated remote attackers to bypass configured ac...
Oct 23, 2024

This vulnerability allows unauthenticated remote attackers to bypass Cisco Snort IPS rules by sending specially crafted HTTP packets. Affected systems...
May 22, 2024

This CVE describes a spoofing vulnerability in Firefox and Thunderbird's DOM copy-paste and drag-drop components. Attackers can manipulate clipboard o...
Jan 13, 2026

The CSC Pay Mobile App version 2.19.4 contains a payment authorization bypass vulnerability where users can disable Bluetooth at a specific point duri...
Aug 1, 2025

This vulnerability allows attackers to spoof browser UI elements like tab titles and URLs via malicious web pages. It affects all users running vulner...
May 27, 2025

The HttpAuth plugin in pGina.Fork allows authentication bypass when an attacker controls DNS resolution for the pginaloginserver domain. This vulnerab...
May 15, 2025

An Insecure Direct Object Reference (IDOR) vulnerability in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete...
Dec 18, 2024

This vulnerability allows attackers to bypass CAPTCHA verification in the BestWebSoft Google Captcha WordPress plugin, enabling identity spoofing and ...
Jan 27, 2025

This vulnerability allows attackers to bypass IP-based authentication in the Secure Admin IP WordPress plugin by spoofing their IP address. Attackers ...
Dec 13, 2024

Typecho v1.3.0 contains a client IP spoofing vulnerability that allows attackers to falsify their IP addresses by manipulating X-Forwarded-For or Clie...
Aug 19, 2024

This CVE describes an IP spoofing vulnerability in Likeshop that allows attackers to forge X-Forwarded or Client-IP headers to bypass IP-based securit...
Aug 7, 2024

This vulnerability allows attackers to bypass image protection in the Patreon WordPress plugin by spoofing authentication, enabling unauthorized acces...
Jul 9, 2024

This authentication bypass vulnerability in Checkmk allows remote attackers to access HTTP endpoints without proper credentials, potentially exposing ...
Jul 8, 2024

This CVE describes an authentication bypass vulnerability in the miniorange Malware Scanner WordPress plugin that allows attackers to spoof IP address...
Jun 4, 2024

This vulnerability allows attackers to bypass IP-based access restrictions in the WPMU DEV Branda WordPress plugin by spoofing their IP address. It af...
Jun 4, 2024

This vulnerability allows attackers to bypass IP-based access restrictions in the WordPress Restricted Site Access plugin by spoofing authentication. ...
Jun 4, 2024

This vulnerability allows attackers to bypass IP-based country blocking restrictions in the IP2Location Country Blocker WordPress plugin by spoofing I...
Jun 4, 2024

This CVE describes an authentication bypass vulnerability in the Royal Elementor Addons WordPress plugin that allows attackers to spoof IP addresses a...
May 17, 2024

This vulnerability allows attackers to bypass IP-based access restrictions in the WPMU DEV Defender Security WordPress plugin by spoofing authenticati...
May 17, 2024

This vulnerability allows local attackers to bypass the lock screen authentication in Reolink desktop applications by modifying client-side JavaScript...
Oct 21, 2025

This vulnerability in matrix-rust-sdk allows malicious homeserver operators to modify encrypted events, making them appear to be sent by different use...
Jun 10, 2025

This vulnerability in Ubuntu's gnome-control-center fails to accurately display SSH remote login status when systemd socket activation is used for ope...
Apr 15, 2025

This vulnerability allows an authenticated attacker on an adjacent network to spoof their identity in Microsoft Configuration Manager, potentially byp...
Oct 31, 2025

CVE-2020-6158 is an address bar spoofing vulnerability in Opera Mini for Android that allows malicious websites to display a fake URL in the browser's...
Feb 21, 2025

This vulnerability allows malicious websites to spoof URL addresses displayed in the Focus navigation bar on iOS devices. Attackers can make a malicio...
Sep 3, 2024

About CWE-290 (CWE-290)
Our database tracks 168 CVEs classified as CWE-290, with 49 rated critical and 54 rated high severity. The average CVSS score for CWE-290 vulnerabilities is 7.5.
External reference: View CWE-290 on MITRE CWE →