Vulnerabilities > Authentication Bypass by Spoofing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-13 | CVE-2023-2807 | Authentication Bypass by Spoofing vulnerability in Pandorafms Pandora FMS Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. | 9.8 |
| 2023-06-12 | CVE-2022-36331 | Authentication Bypass by Spoofing vulnerability in Westerndigital products Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102. | 7.5 |
| 2023-06-02 | CVE-2023-25743 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox Focus A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. | 7.5 |
| 2023-06-02 | CVE-2023-32207 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. | 8.8 |
| 2023-05-25 | CVE-2023-2887 | Authentication Bypass by Spoofing vulnerability in Cbot Core and Cbot Panel Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 9.8 |
| 2023-04-15 | CVE-2022-47522 | Authentication Bypass by Spoofing vulnerability in multiple products The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. | 7.5 |
| 2023-03-27 | CVE-2023-0816 | Authentication Bypass by Spoofing vulnerability in Strategy11 Formidable Form Builder The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. | 6.5 |
| 2023-02-27 | CVE-2022-4550 | Authentication Bypass by Spoofing vulnerability in User Activity Project User Activity The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing | 7.5 |
| 2023-02-14 | CVE-2023-21794 | Authentication Bypass by Spoofing vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 |
| 2023-02-08 | CVE-2022-47648 | Authentication Bypass by Spoofing vulnerability in Bosch B420 Firmware 02.02.0001 An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. | 8.8 |