CWE-290 (Authentication Bypass by Spoofing) — Vulnerability Class 237

237 vulnerabilities classified as CWE-290 (Authentication Bypass by Spoofing). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-21862 | RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers — rustfs | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2020-37056 | Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass — http-protection | 9.8 | Critical | 2026-01-30 |
| CVE-2026-0834 | Logic Vulnerability on TP-Link Archer C20, Archer AX53 and TL-WR841N v13 — Archer C20 v6.0, Archer AX53 v1.0 | 8.8 (AI) | High (AI) | 2026-01-21 |
| CVE-2026-22797 | OpenStack keystonemiddleware security vulnerability — keystonemiddleware | 9.9 | Critical | 2026-01-19 |
| CVE-2025-13455 | Lenovo multiple products security vulnerability — ThinkPlus FU100 | 7.8 | High | 2026-01-14 |
| CVE-2025-11250 | Authentication Bypass — ManageEngine ADSelfService Plus | 9.1 | Critical | 2026-01-13 |
| CVE-2025-62235 | Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing — Apache Mynewt NimBLE | 7.5 | - | 2026-01-10 |
| CVE-2025-69258 | Trend Micro Apex Central security vulnerability — Trend Micro Apex Central | 9.8 | Critical | 2026-01-08 |
| CVE-2026-21894 | n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks — n8n | 6.5 | Medium | 2026-01-08 |
| CVE-2025-69203 | Signal K Server Vulnerable to Access Request Spoofing — signalk-server | 6.3 | Medium | 2026-01-01 |
| CVE-2025-68644 | Yealink RPS security vulnerability — RPS | 7.4 | High | 2025-12-21 |
| CVE-2025-59385 | QTS, QuTS hero — QTS | 9.1 (AI) | Critical (AI) | 2025-12-16 |
| CVE-2025-36754 | Authentication bypass on web interface — ShineLan-X | 7.4 (AI) | High (AI) | 2025-12-13 |
| CVE-2025-36753 | SWD Interface Open on Growatt ShineLan-X — ShineLan-X | 9.1 (AI) | Critical (AI) | 2025-12-13 |
| CVE-2024-8273 | HYPR Server security vulnerability — Server | 7.5 (AI) | High (AI) | 2025-12-11 |
| CVE-2025-13953 | Bypass in the authentication method of the GTT Sistema de Información Tributario application — Sistema de Información Tributario | 7.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-66508 | 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers — 1Panel | 6.5 | Medium | 2025-12-09 |
| CVE-2025-66570 | cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*) — cpp-httplib | 10.0 | Critical | 2025-12-05 |
| CVE-2025-27389 | Application Installation Source Verification Flaw May Lead to Risk Detection Bypass — ColorOS | 8.1 | - | 2025-12-05 |
| CVE-2025-66270 | KDE Connect security vulnerability — KDE Connect protocol | 4.7 | Medium | 2025-12-05 |
| CVE-2025-12653 | Authentication Bypass by Spoofing in GitLab — GitLab | 6.5 | Medium | 2025-11-26 |
| CVE-2025-12414 | Looker account compromise via punycode homograph attack — Looker | 7.4 | - | 2025-11-20 |
| CVE-2025-58595 | WordPress All In One Login plugin <= 2.0.8 - Bypass Vulnerability vulnerability — All In One Login | 9.1 | - | 2025-11-06 |
| CVE-2025-59501 | Microsoft Configuration Manager Spoofing Vulnerability — Microsoft Configuration Manager | 4.8 | Medium | 2025-10-31 |
| CVE-2025-11843 | Therefore™ Online and Therefore™ On-Premises contains an account impersonation issue, which could potentially allow the attacker to access all the stored data — Therefore Online and Therefore On-Premises | 6.5 | - | 2025-10-31 |
| CVE-2025-61778 | Akka.Remote TLS did not properly implement certificate-based authentication — akka.net | 9.1 (AI) | Critical (AI) | 2025-10-06 |
| CVE-2025-54288 | Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server — LXD | 5.1 (AI) | Medium (AI) | 2025-10-02 |
| CVE-2025-59154 | Openfire allows potential identity spoofing via unsafe CN parsing — Openfire | 5.9 | Medium | 2025-09-15 |
| CVE-2025-7448 | Man in the middle (MitM) attack vulnerability in Wi-SUN library — Wi-SUN Stack | 5.9 | - | 2025-09-12 |
| CVE-2025-8853 | 2100 Technology\|Official Document Management System - Authentication Bypass — Official Document Management System | 9.8 | Critical | 2025-08-11 |

Vulnerabilities classified as CWE-290 (Authentication Bypass by Spoofing) represent 237 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.