Vulnerabilities > Authentication Bypass by Spoofing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-30 | CVE-2022-32747 | Authentication Bypass by Spoofing vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. | 7.1 |
| 2023-01-23 | CVE-2022-4303 | Authentication Bypass by Spoofing vulnerability in Ciphercoin WP Limit Login Attempts The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms. | 7.5 |
| 2023-01-23 | CVE-2022-4746 | Authentication Bypass by Spoofing vulnerability in Wpmanageninja Fluentauth The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. | 7.5 |
| 2022-12-22 | CVE-2022-31738 | When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. | 6.5 |
| 2022-12-13 | CVE-2022-4098 | Authentication Bypass by Spoofing vulnerability in WUT products Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. | 8.0 |
| 2022-12-05 | CVE-2022-41798 | Authentication Bypass by Spoofing vulnerability in Kyocera products Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. | 6.5 |
| 2022-11-03 | CVE-2022-38712 | Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. | 5.9 |
| 2022-10-17 | CVE-2022-42983 | Authentication Bypass by Spoofing vulnerability in Anji-Plus Report 0.9.8.6 anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. | 8.8 |
| 2022-10-12 | CVE-2022-0030 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. | 8.1 |
| 2022-10-11 | CVE-2022-34689 | Authentication Bypass by Spoofing vulnerability in Microsoft products Windows CryptoAPI Spoofing Vulnerability | 7.5 |