Weaknesses of type CWE-290
466 resultsCVE-2023-36769MEDIUMMicrosoft OneNote Spoofing VulnerabilityEPSS 0.4%CVE-2023-5801—Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect iEPSS 0.4%CVE-2026-40575CRITICALOAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header SpoofingEPSS 0.4%CVE-2025-0440MEDIUMInappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofiEPSS 0.4%CVE-2024-33917MEDIUMWordPress WTI Like Post plugin <= 1.4.6 - IP Restriction Bypass Vulnerability vulnerabilityEPSS 0.4%CVE-2025-12414CRITICALLooker account compromise via punycode homograph attackEPSS 0.4%CVE-2025-13953CRITICALBypass in the authentication method of the GTT Sistema de Información Tributario applicationEPSS 0.4%CVE-2024-25595MEDIUMWordPress Defender Security plugin <= 4.4.1 - IP Restriction Bypass vulnerabilityEPSS 0.4%CVE-2026-7507HIGHOrg.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeoverEPSS 0.4%CVE-2023-30464HIGHCoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.EPSS 0.4%CVE-2023-52176MEDIUMWordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerabilityEPSS 0.4%CVE-2023-40356HIGHPingOne MFA Integration Kit MFA bypassEPSS 0.4%CVE-2026-0834HIGHLogic Vulnerability on TP-Link Archer C20, Archer AX53 and TL-WR841N v13EPSS 0.4%CVE-2023-40702HIGHPingOne MFA Integration Kit MFA bypassEPSS 0.4%CVE-2026-32045HIGHOpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale AuthEPSS 0.4%CVE-2024-11701MEDIUMThe incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusEPSS 0.4%CVE-2024-7981MEDIUMInappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a craftedEPSS 0.4%CVE-2024-25906MEDIUMWordPress Comments Like Dislike plugin <= 1.2.2 - IP Restriction Bypass Vulnerability vulnerabilityEPSS 0.4%CVE-2026-42674HIGHWordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerabilityEPSS 0.4%CVE-2025-6188HIGHOn affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do nEPSS 0.4%