Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2023-02-02 CVE-2022-40269 Authentication Bypass by Spoofing vulnerability in Mitsubishielectric Gt25 Firmware, Gt27 Firmware and GT Softgot2000
Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes.
network
low complexity
mitsubishielectric CWE-290
8.1
2023-01-23 CVE-2022-4303 Authentication Bypass by Spoofing vulnerability in Ciphercoin WP Limit Login Attempts
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.
network
low complexity
ciphercoin CWE-290
7.5
2023-01-23 CVE-2022-4746 Authentication Bypass by Spoofing vulnerability in Wpmanageninja Fluentauth
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.
network
low complexity
wpmanageninja CWE-290
7.5
2022-12-22 CVE-2022-31738 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks.
network
low complexity
mozilla CWE-290
6.5
2022-12-05 CVE-2022-41798 Authentication Bypass by Spoofing vulnerability in Kyocera products
Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information.
low complexity
kyocera CWE-290
6.5
2022-11-03 CVE-2022-38712 Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server
"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations.
network
high complexity
ibm CWE-290
5.9
2022-10-17 CVE-2022-42983 Authentication Bypass by Spoofing vulnerability in Anji-Plus Aj-Report 0.9.8.6
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.
network
low complexity
anji-plus CWE-290
8.8
2022-10-12 CVE-2022-0030 Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os
An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions.
network
high complexity
paloaltonetworks CWE-290
8.1
2022-09-27 CVE-2021-27854 Authentication Bypass by Spoofing vulnerability in multiple products
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.
low complexity
ieee ietf CWE-290
4.7
2022-09-27 CVE-2021-27861 Authentication Bypass by Spoofing vulnerability in multiple products
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
low complexity
ieee ietf CWE-290
4.7