Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-10462 Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird
Truncation of a long URL could have allowed origin spoofing in a permission prompt.
network
low complexity
mozilla CWE-290
6.5
2024-10-29 CVE-2024-10465 Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird
A clipboard "paste" button could persist across tabs which allowed a spoofing attack.
network
low complexity
mozilla CWE-290
6.5
2024-10-11 CVE-2024-45397 Authentication Bypass by Spoofing vulnerability in Dena H2O
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3.
network
low complexity
dena CWE-290
7.5
2024-09-12 CVE-2024-6678 Authentication Bypass by Spoofing vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.
network
low complexity
gitlab CWE-290
8.8
2024-09-10 CVE-2024-44104 Authentication Bypass by Spoofing vulnerability in Ivanti Workspace Control
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
local
low complexity
ivanti CWE-290
7.8
2024-08-23 CVE-2024-42364 Authentication Bypass by Spoofing vulnerability in Gethomepage Homepage 0.9.1
Homepage is a highly customizable homepage with Docker and service API integrations.
network
low complexity
gethomepage CWE-290
6.5
2024-08-07 CVE-2024-41432 Authentication Bypass by Spoofing vulnerability in Likeshop 2.5.7.20210311
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811.
network
low complexity
likeshop CWE-290
5.3
2024-07-08 CVE-2024-6163 Authentication Bypass by Spoofing vulnerability in Checkmk
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
network
low complexity
checkmk CWE-290
5.3
2024-05-29 CVE-2024-4358 Authentication Bypass by Spoofing vulnerability in Telerik Report Server 2024 10.0.24.130/10.0.24.305
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
network
low complexity
telerik CWE-290
critical
9.8
2024-03-07 CVE-2024-28228 Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible
network
low complexity
jetbrains CWE-290
5.3