CWE-290
Authentication Bypass by Spoofing
MITRE · No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 15 of 15
- CVE-2026-53833 · High · 7.7 · 10 h ago
OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming
- CVE-2026-53832 · High · 7.7 · 10 h ago
OpenClaw before 2026.5.18 contains an identity header validation vulnerability allowing local same-host callers to forge trusted-proxy identity headers. Attackers with access to the proxy-facing Gateway port can supply forged identity heade
- CVE-2026-53823 · High · 8.1 · 10 h ago
OpenClaw before 2026.5.3 contains a privilege escalation vulnerability in the allowFrom feature that binds to mutable Slack display names. Attackers with Slack account access can change display name metadata to match policy entries, potenti
- CVE-2026-53817 · High · 8.8 · EPSS 0% · 12 h ago
OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insuf
- CVE-2026-53811 · High · 8.8 · EPSS 0% · 13 h ago
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with the ability to change di
- CVE-2024-54085 · Critical · 9.8 · KEV · EPSS 43% · 16 h ago
AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
- CVE-2022-23131 · Critical · 9.1 · KEV · EPSS 94% · 16 h ago
Zabbix Frontend Authentication Bypass Vulnerability
- CVE-2022-24112 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 16 h ago
Apache APISIX Authentication Bypass Vulnerability
- CVE-2024-4358 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 16 h ago
Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability
- CVE-2023-50224 · Medium · 6.5 · KEV · EPSS 2% · 16 h ago
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
- CVE-2026-5792 · Medium · 6.5 · 16 h ago
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force. This issue affects Related Marketing Cloud (RMC): through 12052026.
- CVE-2026-6090 · High · 7.0 · EPSS 0% · 2 d ago
A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.
- CVE-2026-11019 · Medium · 6.5 · EPSS 0% · 4 d ago
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted HTML page. (Chromium security severity:
- CVE-2026-11001 · Medium · 6.5 · EPSS 0% · 6 d ago
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: M
- CVE-2021-22890 · Low · 3.7 · EPSS 0% · 24 d ago
curl/libcurl: TLS 1.3 session ticket proxy host mix-up
curl
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.