Weaknesses of type CWE-290

466 results
CVE | Severity | Description | EPSS
CVE-2026-33654 | HIGH | Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling | 0.5%
CVE-2025-22223 | MEDIUM | Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an auth | 0.5%
CVE-2023-20245 | MEDIUM | Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Def | 0.5%
CVE-2024-8935 | HIGH | CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integri | 0.5%
CVE-2024-28228 | MEDIUM | In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible | 0.5%
CVE-2024-50380 | HIGH | Authentication Bypass by Spoofing in Snap One OVRC cloud | 0.5%
CVE-2024-21746 | MEDIUM | WordPress Wp Ultimate Review plugin <= 2.3.6 - IP limit Bypass vulnerability | 0.5%
CVE-2024-30480 | LOW | WordPress CGC Maintenance Mode plugin <= 1.2 - IP Filtering Bypass vulnerability | 0.5%
CVE-2024-1555 | HIGH | When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Fir | 0.5%
CVE-2022-48349 | CRITICAL | The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availabilit | 0.5%
CVE-2022-38712 | MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofin | 0.5%
CVE-2026-34457 | CRITICAL | OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode | 0.5%
CVE-2024-11692 | MEDIUM | An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. | 0.5%
CVE-2024-1347 | MEDIUM | Authentication Bypass by Spoofing in GitLab | 0.5%
CVE-2024-20297 | MEDIUM | Cisco Adaptive Security Appliance and Firepower Threat Defense AnyConnect Access Control List Bypass Vulnerability | 0.5%
CVE-2024-20299 | MEDIUM | Cisco Adaptive Security Appliance and Firepower Threat Defense AnyConnect Access Control List Bypass Vulnerability | 0.5%
CVE-2026-30975 | HIGH | Sonarr Authentication Bypass vulnerability | 0.5%
CVE-2026-24372 | HIGH | WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability | 0.5%
CVE-2025-48840 | MEDIUM | An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all | 0.5%
CVE-2024-32786 | MEDIUM | WordPress Royal Elementor Addons and Templates plugin <= 1.3.93 - IP Bypass vulnerability | 0.5%