Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2023-01-23 CVE-2022-4303 Authentication Bypass by Spoofing vulnerability in Ciphercoin WP Limit Login Attempts
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.
network
low complexity
ciphercoin CWE-290
7.5
2023-01-23 CVE-2022-4746 Authentication Bypass by Spoofing vulnerability in Wpmanageninja Fluentauth
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.
network
low complexity
wpmanageninja CWE-290
7.5
2022-12-22 CVE-2022-31738 When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks.
network
low complexity
CWE-290
6.5
2022-12-13 CVE-2022-4098 Authentication Bypass by Spoofing vulnerability in WUT products
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing.
low complexity
wut CWE-290
8.0
2022-12-05 CVE-2022-41798 Authentication Bypass by Spoofing vulnerability in Kyocera products
Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information.
low complexity
kyocera CWE-290
6.5
2022-11-28 CVE-2021-45036 Authentication Bypass by Spoofing vulnerability in Velneo Vclient 28.1.3
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
network
high complexity
velneo CWE-290
7.4
2022-11-03 CVE-2022-38712 Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations.
network
high complexity
ibm CWE-290
5.9
2022-10-17 CVE-2022-42983 Authentication Bypass by Spoofing vulnerability in Anji-Plus Report 0.9.8.6
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.
network
low complexity
anji-plus CWE-290
8.8
2022-10-12 CVE-2022-0030 Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os
An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.
network
high complexity
paloaltonetworks CWE-290
8.1
2022-10-11 CVE-2022-34689 Authentication Bypass by Spoofing vulnerability in Microsoft products
Windows CryptoAPI Spoofing Vulnerability.
network
low complexity
microsoft CWE-290
7.5