CWE-290 vulnerabilities

466 results
CVE-2026-35656 | MEDIUM | OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limiter | EPSS 0.3%
CVE-2026-47381 | MEDIUM | NocoDB: Cross-Workspace Integration Use in Connection Test | EPSS 0.3%
CVE-2022-32747 | HIGH | A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitat | EPSS 0.3%
CVE-2025-48937 | MEDIUM | matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator | EPSS 0.3%
CVE-2024-39337 | MEDIUM | Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass. | EPSS 0.3%
CVE-2026-53817 | HIGH | OpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing | EPSS 0.3%
CVE-2026-53811 | HIGH | OpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom | EPSS 0.3%
CVE-2024-23558 | MEDIUM | HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout | EPSS 0.3%
CVE-2026-33621 | MEDIUM | PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token | EPSS 0.3%
CVE-2026-2800 | CRITICAL | Spoofing issue in the WebAuthn component in Firefox for Android | EPSS 0.3%
CVE-2026-8963 | HIGH | Spoofing issue in the Web Speech component | EPSS 0.3%
CVE-2025-3029 | HIGH | URL Bar Spoofing via non-BMP Unicode characters | EPSS 0.3%
CVE-2025-66570 | CRITICAL | cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*) | EPSS 0.3%
CVE-2024-35749 | LOW | WordPress Under Construction / Maintenance Mode from Acurax plugin <= 2.6 - IP Bypass vulnerability | EPSS 0.3%
CVE-2025-56608 | MEDIUM | The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java` | EPSS 0.3%
CVE-2024-22457 | HIGH | Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privilege | EPSS 0.3%
CVE-2026-35622 | MEDIUM | OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook | EPSS 0.3%
CVE-2026-32492 | MEDIUM | WordPress My Tickets plugin <= 2.1.1 - Bypass Vulnerability vulnerability | EPSS 0.3%
CVE-2025-50454 | MEDIUM | An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application | EPSS 0.3%
CVE-2022-1745 | MEDIUM | 2.2.7 AUTHENTICATION BYPASS BY SPOOFING CWE-290 | EPSS 0.3%