Weaknesses of type CWE-290

466 results
CVE-2026-39419 | LOW | MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing | EPSS 0.2%
CVE-2025-13015 | LOW | Spoofing issue in Firefox | EPSS 0.2%
CVE-2025-59154 | MEDIUM | Openfire allows potential identity spoofing via unsafe CN parsing | EPSS 0.2%
CVE-2025-9265 | CRITICAL | API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products | EPSS 0.2%
CVE-2025-67298 | HIGH | An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile | EPSS 0.2%
CVE-2026-44649 | CRITICAL | SillyTavern: Authentication Bypass via SSO Header Injection | EPSS 0.2%
CVE-2025-24458 | HIGH | In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration | EPSS 0.2%
CVE-2025-32788 | MEDIUM | OctoPrint Authenticated Reverse Proxy Page Authentication Bypass | EPSS 0.2%
CVE-2024-30189 | MEDIUM | A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) ( | EPSS 0.2%
CVE-2023-27199 | PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypa | EPSS 0.2%
CVE-2026-33223 | MEDIUM | NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing | EPSS 0.2%
CVE-2026-21862 | HIGH | RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers | EPSS 0.2%
CVE-2026-28480 | MEDIUM | OpenClaw < 2026.2.14 - Identity Spoofing via Mutable Username in Telegram Allowlist Authorization | EPSS 0.2%
CVE-2026-5792 | MEDIUM | Authentication Bypass in Hedef Media's Related Marketing Cloud (RMC) | EPSS 0.2%
CVE-2025-60868 | MEDIUM | The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabl | EPSS 0.2%
CVE-2026-53823 | HIGH | OpenClaw < 2026.5.3 - Privilege Escalation via Mutable Slack Display Names in allowFrom | EPSS 0.2%
CVE-2026-52845 | HIGH | Caddy: FastCGI header normalization bypass in `forward_auth copy_headers` | EPSS 0.2%
CVE-2026-8676 | HIGH | An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and crea | EPSS 0.2%
CVE-2024-39341 | MEDIUM | Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier l | EPSS 0.2%
CVE-2024-30190 | MEDIUM | A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788- | EPSS 0.2%