CWE-290 (使用欺骗进行的认证绕过) — Vulnerability Class 237

237 vulnerabilities classified as CWE-290 (使用欺骗进行的认证绕过). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-36119	IBM i authentication bypass — i	7.1	High	2025-08-08
CVE-2025-36594	Dell PowerProtect Data Domain 安全漏洞 — PowerProtect Data Domain Feature Release	9.8	Critical	2025-08-04
CVE-2025-54576	OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion — oauth2-proxy	9.1	Critical	2025-07-30
CVE-2025-34063	OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key — OneLogin Active Directory Connector (ADC)	8.8^AI	High^AI	2025-07-01
CVE-2025-34065	AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via /nobody URL Path — IP camera, DVR, and NVR Devices	9.8^AI	Critical^AI	2025-07-01
CVE-2025-34053	AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation — IP camera, DVR, and NVR devices	9.8^AI	Critical^AI	2025-07-01
CVE-2025-48937	matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator — matrix-rust-sdk	4.9	Medium	2025-06-10
CVE-2025-49004	Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE — caido	7.5	High	2025-06-09
CVE-2025-48906	Huawei HarmonyOS 安全漏洞 — HarmonyOS	8.8	High	2025-06-06
CVE-2025-49002	Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability — dataease	8.2^AI	High^AI	2025-06-03
CVE-2025-48027	pGina 安全漏洞 — pGina.Fork	5.4	Medium	2025-05-15
CVE-2025-27695	Dell Wyse Management Suite 安全漏洞 — Wyse Management Suite	4.9	Medium	2025-05-08
CVE-2025-46345	Auth0 Account Link Extension JWT Invalid Signature Validation — auth0-account-link-extension	7.5^AI	High^AI	2025-05-01
CVE-2025-32966	Dataease H2 JDBC Connection Remote Code Execution — dataease	8.8	-	2025-04-23
CVE-2025-32788	OctoPrint Authenticated Reverse Proxy Page Authentication Bypass — OctoPrint	4.3	Medium	2025-04-22
CVE-2025-32012	Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing — jellyfin	6.5^AI	Medium^AI	2025-04-15
CVE-2025-32275	WordPress Survey Maker plugin <= 5.1.6.3 - Bypass vulnerability — Survey Maker	7.5^AI	High^AI	2025-04-10
CVE-2025-32227	WordPress Asgaros Forum plugin <= 3.0.0 - File Upload Numbers Bypass vulnerability — Asgaros Forum	7.5^AI	High^AI	2025-04-10
CVE-2025-31170	Huawei HarmonyOS和Huawei EMUI 安全漏洞 — HarmonyOS	8.4	High	2025-04-07
CVE-2024-58127	Huawei EMUI和Huawei HarmonyOS 安全漏洞 — HarmonyOS	8.4	High	2025-04-07
CVE-2024-58126	Huawei HarmonyOS和Huawei EMUI 安全漏洞 — HarmonyOS	8.4	High	2025-04-07
CVE-2024-58125	Huawei HarmonyOS和Huawei EMUI 安全漏洞 — HarmonyOS	8.4	High	2025-04-07
CVE-2024-58124	Huawei EMUI和Huawei HarmonyOS 安全漏洞 — HarmonyOS	8.4	High	2025-04-07
CVE-2025-22223	VMware Spring Security 安全漏洞 — Spring Security	5.3	Medium	2025-03-24
CVE-2024-54085	Redfish Authentication Bypass — MegaRAC-SPx	9.4	-	2025-03-11
CVE-2025-27616	Vela Server has Insufficient Webhook Payload Data Verification — server	8.6	High	2025-03-10
CVE-2025-22271	IP Spoofing in CyberArk Endpoint Privilege Manager — Endpoint Privilege Manager	7.5	-	2025-02-28
CVE-2025-25055	JIP InfoBridge FileMegane 安全漏洞 — FileMegane	7.5	-	2025-02-17
CVE-2025-1298	TECNO com.transsion.carlcare 安全漏洞 — com.transsion.carlcare	9.8	-	2025-02-14
CVE-2025-25182	Stroom Authentication/Authorization Bypass when using AWS ALB — stroom	9.4	Critical	2025-02-12

Vulnerabilities classified as CWE-290 (使用欺骗进行的认证绕过) represent 237 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-290 (使用欺骗进行的认证绕过) — Vulnerability Class 237