
CWE-290 (Authentication Bypass by Spoofing) — Vulnerability Class (237 CVEs)

237 vulnerabilities are classified as CWE-290 (Authentication Bypass by Spoofing). AI-generated analysis in Chinese is included for each entry.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-25660 | Authentication bypass for certain API calls | CodeChecker | 9.8 (AI) | Critical (AI) | 2026-04-24 |
| CVE-2026-40575 | OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing | oauth2-proxy | 9.1 | Critical | 2026-04-21 |
| CVE-2026-22734 | Cloud Foundry UAA SAML 2.0 Signature Bypass | UAA | 8.6 | High | 2026-04-16 |
| CVE-2026-34457 | OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode | oauth2-proxy | 9.1 | Critical | 2026-04-14 |
| CVE-2026-35656 | OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limiter | OpenClaw | 6.5 | Medium | 2026-04-10 |
| CVE-2026-35622 | OpenClaw < 2026.3.22 - Improper Authentication Verification in Google Chat Webhook | OpenClaw | 5.9 | Medium | 2026-04-09 |
| CVE-2026-3902 | ASGI header spoofing via underscore/hyphen conflation | Django | 5.3 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-34778 | Electron: Service worker can spoof executeJavaScript IPC replies | electron | 5.9 | Medium | 2026-04-03 |
| CVE-2026-33433 | Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField | traefik | 8.1 | - | 2026-03-27 |
| CVE-2026-33661 | WeChat Pay callback signature verification bypassed when Host header is localhost | pay | 8.6 | High | 2026-03-26 |
| CVE-2026-33621 | PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token | pinchtab | 4.8 | Medium | 2026-03-26 |
| CVE-2026-30975 | Sonarr Authentication Bypass vulnerability | Sonarr | 8.1 | High | 2026-03-25 |
| CVE-2026-33223 | NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing | nats-server | 6.4 | Medium | 2026-03-25 |
| CVE-2026-32492 | WordPress My Tickets plugin <= 2.1.1 - Bypass Vulnerability | My Tickets | 7.5 | - | 2026-03-25 |
| CVE-2026-24372 | WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability | Subscriptions for WooCommerce | 9.1 | - | 2026-03-25 |
| CVE-2026-32045 | OpenClaw < 2026.2.21 - Authentication Bypass in HTTP Gateway Routes via Tokenless Tailscale Auth | OpenClaw | 5.9 | Medium | 2026-03-21 |
| CVE-2026-32666 | Automated Logic WebCTRL Premium Server Authentication Bypass by Spoofing | WebCTRL Premium Server | 7.5 | High | 2026-03-20 |
| CVE-2026-33131 | h3 has a middleware bypass with one gadget | h3 | 7.4 | High | 2026-03-20 |
| CVE-2026-32014 | OpenClaw < 2026.2.26 - Node Reconnect Metadata Spoofing via Unsigned Platform Fields | OpenClaw | 8.0 | High | 2026-03-19 |
| CVE-2026-27478 | Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation | unitycatalog | 9.1 | Critical | 2026-03-11 |
| CVE-2026-31889 | Shopware has a potential take over of app credentials | core | 8.9 | High | 2026-03-11 |
| CVE-2026-31813 | Supabase Auth has insecure Apple and Azure authentication with ID tokens | auth | 4.8 | Medium | 2026-03-11 |
| CVE-2026-32229 | JetBrains Hub security vulnerability | Hub | 6.8 | Medium | 2026-03-11 |
| CVE-2025-48840 | Fortinet FortiWeb security vulnerability | FortiWeb | 5.0 | Medium | 2026-03-10 |
| CVE-2026-28480 | OpenClaw < 2026.2.14 - Identity Spoofing via Mutable Username in Telegram Allowlist Authorization | OpenClaw | 6.5 | Medium | 2026-03-05 |
| CVE-2026-28465 | OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers | voice-call | 5.9 | Medium | 2026-03-05 |
| CVE-2024-1524 | A local user can be impersonated when using federated authentication with Silent JIT Provisioning | WSO2 API Manager | 7.7 | High | 2026-02-24 |
| CVE-2025-69401 | WordPress WooODT Lite plugin <= 2.5.2 - Payment Bypass Vulnerability | WooODT Lite | 7.5 | High | 2026-02-20 |
| CVE-2026-24853 | Caido has an insufficient patch for DNS rebind leading to RCE | caido | 8.1 | High | 2026-02-13 |
| CVE-2026-25938 | FUXA Unauthenticated Remote Code Execution in Node-RED Integration | FUXA | 9.8 (AI) | Critical (AI) | 2026-02-09 |

Values marked (AI) carry the source page's AI badge, i.e. the score or severity is flagged as AI-derived rather than taken from the vendor or NVD record. A "-" in the Severity column means no severity was listed.

Vulnerabilities classified as CWE-290 (Authentication Bypass by Spoofing) total 237 CVEs. The CWE taxonomy describes only the weakness class; review the individual CVEs for product-specific impact.