Total: 492 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31195 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Remote Code Execution Vulnerability | | | | | |
| CVE-2022-48349 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | N/A | 9.1 CRITICAL |
| The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability. | | | | | |
| CVE-2020-6158 | | | 2025-02-21 | N/A | 4.7 MEDIUM |
| Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data. | | | | | |
| CVE-2023-0816 | 1 Strategy11 | 1 Formidable Form Builder | 2025-02-19 | N/A | 6.5 MEDIUM |
| The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. | | | | | |
| CVE-2025-25055 | | | 2025-02-18 | N/A | 5.3 MEDIUM |
| Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. If exploited, restricted file contents may be accessed. | | | | | |
| CVE-2023-3128 | 1 Grafana | 1 Grafana | 2025-02-13 | N/A | 9.4 CRITICAL |
| Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. | | | | | |
| CVE-2023-34329 | 1 Ami | 1 Megarac Sp-x | 2025-02-13 | N/A | 9.1 CRITICAL |
| AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. | | | | | |
| CVE-2023-31424 | 1 Broadcom | 1 Brocade Sannav | 2025-02-13 | N/A | 8.1 HIGH |
| Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization. | | | | | |
| CVE-2025-25182 | | | 2025-02-12 | N/A | 9.4 CRITICAL |
| Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the application is accessible not through the ALB itself. This vulnerability may also allow for server-side request forgery which may lead to code execution or further privileges escalations when using the AWS meta ... | | | | | |
| CVE-2024-5812 | 1 Beyondtrust | 1 Beyondinsight Password Safe | 2025-02-11 | N/A | 3.3 LOW |
| A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request. | | | | | |
| CVE-2024-36557 | | | 2025-02-10 | N/A | 6.6 MEDIUM |
| The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b. If a malicious user changes the IMEI to the IMEI of a unit they registered in the mobile app, it is possible to hijack the device and control it from the app. | | | | | |
| CVE-2024-21746 | 1 Wpmet | 1 Wp Ultimate Review | 2025-02-07 | N/A | 5.3 MEDIUM |
| Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.3.2. | | | | | |
| CVE-2025-21415 | 1 Microsoft | 1 Azure Ai Face Service | 2025-02-07 | N/A | 9.9 CRITICAL |
| Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. | | | | | |
| CVE-2022-47522 | 2 Ieee, Sonicwall | 59 Ieee 802.11, Soho 250, Soho 250 Firmware and 56 more | 2025-02-06 | N/A | 7.5 HIGH |
| The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before remo ... | | | | | |
| CVE-2023-51543 | 1 Metagauss | 1 Registrationmagic | 2025-02-04 | N/A | 5.3 MEDIUM |
| Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects RegistrationMagic: from n/a through 5.2.5.0. | | | | | |
| CVE-2023-32207 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-01-31 | N/A | 8.8 HIGH |
| A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | | | | | |
| CVE-2024-54158 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | N/A | 3.5 LOW |
| In JetBrains YouTrack before 2024.3.52635, a potential spoofing attack was possible via lack of Punycode encoding. | | | | | |
| CVE-2025-24458 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | N/A | 7.1 HIGH |
| In JetBrains YouTrack before 2024.3.55417, account takeover was possible via spoofed email and Helpdesk integration. | | | | | |
| CVE-2024-22092 | 1 Openatom | 1 Openharmony | 2025-01-27 | N/A | 7.7 HIGH |
| OpenHarmony v3.2.4 and prior versions allow a remote attacker to bypass permission verification to install apps, although these require user action. | | | | | |
| CVE-2025-24628 | | | 2025-01-27 | N/A | 5.3 MEDIUM |
| Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78. | | | | | |
| CVE-2022-22364 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 5.3 MEDIUM |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903. | | | | | |
| CVE-2023-2001 | 1 Gitlab | 1 Gitlab | 2025-01-07 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code. | | | | | |
| CVE-2024-12108 | 2 Microsoft, Progress | 2 Windows, Whatsup Gold | 2025-01-06 | N/A | 9.6 CRITICAL |
| In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | | | | | |
| CVE-2022-35770 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | N/A | 6.5 MEDIUM |
| Windows NTLM Spoofing Vulnerability | | | | | |
| CVE-2022-34689 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | N/A | 7.5 HIGH |
| Windows CryptoAPI Spoofing Vulnerability | | | | | |
| CVE-2024-13061 | | | 2025-01-02 | N/A | 9.8 CRITICAL |
| The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens of arbitrary users, which can then be used to log into the system. | | | | | |
| CVE-2024-54450 | | | 2024-12-28 | N/A | 9.4 CRITICAL |
| An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mentioned in that header rather than the real IP address that the user logged in from. This fake IP address can later be displayed in the My Account popup that shows the IP address that was used to log in. | | | | | |
| CVE-2024-55470 | | | 2024-12-20 | N/A | 7.5 HIGH |
| Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication. | | | | | |
| CVE-2024-3843 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | N/A | 4.3 MEDIUM |
| Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | | | | | |
| CVE-2023-34157 | 1 Huawei | 1 Harmonyos | 2024-12-17 | N/A | 10.0 CRITICAL |
| Vulnerability of HwWatchHealth being hijacked. Successful exploitation of this vulnerability may cause repeated pop-up windows of the app. | | | | | |
| CVE-2024-28228 | 1 Jetbrains | 1 Youtrack | 2024-12-16 | N/A | 5.3 MEDIUM |
| In JetBrains YouTrack before 2024.1.25893, creation of comments on behalf of an arbitrary user in HelpDesk was possible. | | | | | |
| CVE-2023-41133 | | | 2024-12-13 | N/A | 5.3 MEDIUM |
| Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass. This issue affects Secure Admin IP: from n/a through 2.0. | | | | | |
| CVE-2023-34167 | 1 Huawei | 1 Emui | 2024-12-12 | N/A | 5.3 MEDIUM |
| Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | | | | | |
| CVE-2023-34160 | 1 Huawei | 1 Emui | 2024-12-12 | N/A | 5.3 MEDIUM |
| Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | | | | | |
| CVE-2023-34158 | 1 Huawei | 1 Emui | 2024-12-12 | N/A | 5.3 MEDIUM |
| Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | | | | | |
| CVE-2024-1347 | 1 Gitlab | 1 Gitlab | 2024-12-11 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group. | | | | | |
| CVE-2023-42843 | 4 Apple, Fedoraproject, Webkitgtk and 1 more | 7 Ipad Os, Iphone Os, Macos and 4 more | 2024-12-09 | N/A | 4.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing. | | | | | |
| CVE-2024-22457 | 1 Dell | 1 Secure Connect Gateway | 2024-12-04 | N/A | 7.1 HIGH |
| Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. | | | | | |
| CVE-2023-27199 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-12-04 | N/A | 6.7 MEDIUM |
| PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. | | | | | |
| CVE-2024-50380 | | | 2024-12-02 | N/A | N/A |
| Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device. | | | | | |