Vulnerabilities > Authentication Bypass by Spoofing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2023-22474 | Authentication Bypass by Spoofing vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 8.1 |
| 2023-02-02 | CVE-2022-40269 | Authentication Bypass by Spoofing vulnerability in Mitsubishielectric Gt25 Firmware, Gt27 Firmware and GT Softgot2000 Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes. | 8.1 |
| 2023-01-30 | CVE-2022-32747 | Authentication Bypass by Spoofing vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert 2.2 A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. | 8.1 |
| 2023-01-23 | CVE-2022-4303 | Authentication Bypass by Spoofing vulnerability in Ciphercoin WP Limit Login Attempts The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms. | 7.5 |
| 2023-01-23 | CVE-2022-4746 | Authentication Bypass by Spoofing vulnerability in Wpmanageninja Fluentauth The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. | 7.5 |
| 2022-12-22 | CVE-2022-31738 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. | 6.5 |
| 2022-12-13 | CVE-2022-4098 | Authentication Bypass by Spoofing vulnerability in WUT products Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. | 8.0 |
| 2022-12-05 | CVE-2022-41798 | Authentication Bypass by Spoofing vulnerability in Kyocera products Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. | 6.5 |
| 2022-11-03 | CVE-2022-38712 | Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. | 5.9 |
| 2022-10-17 | CVE-2022-42983 | Authentication Bypass by Spoofing vulnerability in Anji-Plus Aj-Report 0.9.8.6 anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. | 8.8 |