Weaknesses of type CWE-290
466 resultsCVE-2025-24091MEDIUMAn app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 EPSS 0.3%CVE-2024-0454MEDIUMSecurity Vulnerability on Match-on-Chip FPR ArchitectureEPSS 0.3%CVE-2026-8951MEDIUMSpoofing issue in the Toolbar component in Firefox for AndroidEPSS 0.3%CVE-2025-12653MEDIUMAuthentication Bypass by Spoofing in GitLabEPSS 0.3%CVE-2022-44636MEDIUMThe Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user isEPSS 0.2%CVE-2025-27616HIGHVela Server has Insufficient Webhook Payload Data VerificationEPSS 0.2%CVE-2026-50141HIGHWoodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonationEPSS 0.2%CVE-2026-27700HIGHHono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfoEPSS 0.2%CVE-2025-56800MEDIUMReolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen pEPSS 0.2%CVE-2026-0385MEDIUMMicrosoft Edge (Chromium-based) for Android Spoofing VulnerabilityEPSS 0.2%CVE-2024-44104HIGHAn incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace ControEPSS 0.2%CVE-2025-29621HIGHFrancois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My PrefeEPSS 0.2%CVE-2026-4728MEDIUMSpoofing issue in the Privacy: Anti-Tracking componentEPSS 0.2%CVE-2024-30191HIGHA vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-EPSS 0.2%CVE-2025-71056HIGHImproper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing tEPSS 0.2%CVE-2025-65046LOWMicrosoft Edge (Chromium-based) Spoofing VulnerabilityEPSS 0.2%CVE-2026-53857HIGHOpenClaw < 2026.5.3 - Mutable Display Name Binding in Zalo allowFrom PolicyEPSS 0.2%CVE-2025-11209HIGHInappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents oEPSS 0.2%CVE-2026-44183CRITICALCleanuparr: X-Forwarded-For leftmost parsing allows remote unauthenticated admin takeover when reverse-proxy mode is enabledEPSS 0.2%CVE-2026-39419LOWMaxKB: Sandbox Result Validation Bypass via Tool Output SpoofingEPSS 0.2%