Vulnerabilities > Authentication Bypass by Spoofing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-27 | CVE-2022-4550 | Authentication Bypass by Spoofing vulnerability in User Activity Project User Activity The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing | 7.5 |
| 2023-02-08 | CVE-2022-47648 | Authentication Bypass by Spoofing vulnerability in Bosch B420 Firmware 02.02.0001 An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. | 8.8 |
| 2023-02-02 | CVE-2022-40269 | Authentication Bypass by Spoofing vulnerability in Mitsubishielectric Gt25 Firmware, Gt27 Firmware and GT Softgot2000 Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes. | 8.1 |
| 2023-01-23 | CVE-2022-4303 | Authentication Bypass by Spoofing vulnerability in Ciphercoin WP Limit Login Attempts The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms. | 7.5 |
| 2023-01-23 | CVE-2022-4746 | Authentication Bypass by Spoofing vulnerability in Wpmanageninja Fluentauth The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. | 7.5 |
| 2022-12-22 | CVE-2022-31738 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. | 6.5 |
| 2022-12-05 | CVE-2022-41798 | Authentication Bypass by Spoofing vulnerability in Kyocera products Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. | 6.5 |
| 2022-11-03 | CVE-2022-38712 | Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. | 5.9 |
| 2022-10-17 | CVE-2022-42983 | Authentication Bypass by Spoofing vulnerability in Anji-Plus Aj-Report 0.9.8.6 anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. | 8.8 |
| 2022-10-12 | CVE-2022-0030 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. | 8.1 |