Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2024-12-04 CVE-2024-54158 Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
network
low complexity
jetbrains CWE-290
5.3
2024-10-29 CVE-2024-10462 Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird
Truncation of a long URL could have allowed origin spoofing in a permission prompt.
network
low complexity
mozilla CWE-290
6.5
2024-10-29 CVE-2024-10465 Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird
A clipboard "paste" button could persist across tabs which allowed a spoofing attack.
network
low complexity
mozilla CWE-290
6.5
2024-10-11 CVE-2024-45397 Authentication Bypass by Spoofing vulnerability in Dena H2O
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3.
network
low complexity
dena CWE-290
7.5
2024-09-12 CVE-2024-6678 Authentication Bypass by Spoofing vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.
network
low complexity
gitlab CWE-290
8.8
2024-09-10 CVE-2024-44104 Authentication Bypass by Spoofing vulnerability in Ivanti Workspace Control
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
local
low complexity
ivanti CWE-290
7.8
2024-08-23 CVE-2024-42364 Authentication Bypass by Spoofing vulnerability in Gethomepage Homepage 0.9.1
Homepage is a highly customizable homepage with Docker and service API integrations.
network
low complexity
gethomepage CWE-290
6.5
2024-08-07 CVE-2024-41432 Authentication Bypass by Spoofing vulnerability in Likeshop 2.5.7.20210311
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811.
network
low complexity
likeshop CWE-290
5.3
2024-07-08 CVE-2024-6163 Authentication Bypass by Spoofing vulnerability in Checkmk
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
network
low complexity
checkmk CWE-290
5.3
2024-06-11 CVE-2024-5812 Authentication Bypass by Spoofing vulnerability in Beyondtrust Beyondinsight Password Safe 24.1
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.
network
low complexity
beyondtrust CWE-290
2.7