Weaknesses of type CWE-290
466 results

CVE-2026-32229 | MEDIUM | In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled | EPSS 0.2%
CVE-2025-13636 | MEDIUM | Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage | EPSS 0.2%
CVE-2025-7448 | HIGH | Man in the middle (MitM) attack vulnerability in Wi-SUN library | EPSS 0.2%
CVE-2023-7169 | MEDIUM | Impersonate vendor signed Powershell scripts | EPSS 0.2%
CVE-2026-6762 | MEDIUM | Spoofing issue in the DOM: Core & HTML component | EPSS 0.2%
CVE-2025-36754 | CRITICAL | Authentication bypass on web interface | EPSS 0.1%
CVE-2026-47123 | HIGH | FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path | EPSS 0.1%
CVE-2026-33246 | MEDIUM | NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers | EPSS 0.1%
CVE-2025-37147 | HIGH | Secure Boot Bypass allows for Compromise of Hardware Root of Trust | EPSS 0.1%
CVE-2026-31813 | MEDIUM | Supabase Auth has insecure Apple and Azure authentication with ID tokens | EPSS 0.1%
CVE-2025-13634 | MEDIUM | Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the | EPSS 0.1%
CVE-2025-54305 | HIGH | An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, L | EPSS 0.1%
CVE-2025-13635 | MEDIUM | Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a craf | EPSS 0.1%
CVE-2026-39411 | MEDIUM | LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header | EPSS 0.1%
CVE-2026-39959 | HIGH | Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service | EPSS 0.1%
CVE-2024-38807 | MEDIUM | CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader | EPSS 0.1%
CVE-2026-34778 | MEDIUM | Electron: Service worker can spoof executeJavaScript IPC replies | EPSS 0.1%
CVE-2018-25361 | HIGH | Soroush IM Desktop App 0.17.0 Authentication Bypass via Database Injection | EPSS 0.1%
CVE-2025-13455 | HIGH | A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device auth | EPSS 0.1%
CVE-2026-44118 | HIGH | OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header | EPSS 0.1%