CWE-290: CWE-290

CVE-2025-56689 allows attackers to bypass OTP/MFA authentication in Quest Safeguard for Privileged Passwords by replaying intercepted valid OTP respon...

This vulnerability allows a local attacker to bypass the Mark of the Web (MOTW) security feature in Google Chrome on Windows. Attackers can craft HTML...

This vulnerability allows a local attacker to spoof the Chrome downloads UI via a malicious HTML page, tricking users into believing they're interacti...

This vulnerability in Google Chrome's Split View feature allows attackers to perform UI spoofing by tricking users into performing specific UI gesture...

This CVE describes a user interface spoofing vulnerability in Apple operating systems and Safari browser. Visiting a malicious website could allow att...

This CVE describes an address bar spoofing vulnerability in Apple web browsers. Visiting a malicious website could allow attackers to display a fake U...

An authentication bypass vulnerability in WSO2 Management Console allows attackers with console access to manipulate request URIs and access restricte...

This vulnerability allows attackers to bypass authentication in the Ays Pro Survey Maker WordPress plugin by spoofing identities. It affects all WordP...

This vulnerability allows attackers to bypass authentication in Asgaros Forum WordPress plugin by spoofing user identities. It affects all Asgaros For...

This vulnerability allows attackers to create deceptive UI elements in Google Chrome through crafted HTML pages, enabling UI spoofing attacks. It affe...

This vulnerability allows attackers to potentially bypass authentication in the Corona Virus Tracker App India by exploiting weak MD5 hashing. Attacke...

This CVE describes a lock screen bypass vulnerability in Android that allows local privilege escalation without user interaction. Attackers with physi...

This CVE describes a spoofing vulnerability in Mozilla Firefox and Thunderbird that could allow an attacker to trick users into believing they are int...

This CVE describes a logic vulnerability in TP-Link Archer routers that allows unauthenticated attackers on the same local network to execute administ...

This vulnerability allows unauthenticated attackers to bypass authentication on the web interface by crafting POST requests without proper session val...

This vulnerability allows attackers to bypass authentication in the GTT Tax Information System by impersonating the local WebSocket connection used fo...

This vulnerability in ColorOS allows malicious applications to bypass security warnings during installation under specific conditions. It affects Oppo...

An attacker can take over Looker accounts in instances configured with OIDC authentication due to email address string normalization issues. This affe...