CWE-290 (Authentication Bypass by Spoofing) — Vulnerability Class 237

237 vulnerabilities classified as CWE-290 (Authentication Bypass by Spoofing). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-48513 | Huawei HarmonyOS security vulnerability — HarmonyOS | 9.1 | - | 2023-07-06 |
| CVE-2023-22814 | Authentication Bypass issue in My Cloud OS 5 devices — My Cloud OS 5 | 10.0 | Critical | 2023-06-30 |
| CVE-2023-3243 | Honeywell Alerton security vulnerability — BCM-WEB | 8.3 | High | 2023-06-28 |
| CVE-2023-3128 | Grafana security vulnerability — Grafana | 9.4 | Critical | 2023-06-22 |
| CVE-2023-2807 | Authentication bypass in password reset process — Pandora FMS | 6.4 | Medium | 2023-06-13 |
| CVE-2022-36331 | Impersonation attack causing an Authentication Bypass on Western Digital devices — My Cloud OS 5 | 10.0 | Critical | 2023-06-12 |
| CVE-2023-2887 | User Authentication Bypass in CBOT's Chatbot — Chatbot | 9.8 | Critical | 2023-05-25 |
| CVE-2023-22474 | Parse Server is vulnerable to authentication bypass via spoofing — parse-server | 8.7 | High | 2023-02-03 |
| CVE-2022-40269 | Mitsubishi Electric GOT2000 and GT SoftGOT2000 security vulnerability — GOT2000 Series GT27 model | 6.8 | Medium | 2023-02-02 |
| CVE-2022-32747 | Schneider Electric EcoStruxure Cybersecurity Admin Expert security vulnerability — EcoStruxure™ Cybersecurity Admin Expert (CAE) | 8.0 | High | 2023-01-30 |
| CVE-2022-4098 | Wiesemann & Theis: Multiple products prone to missing authentication through spoofing — Com-Server ++ | 8.0 | High | 2022-12-13 |
| CVE-2021-45036 | Velneo vClient improper authentication — Velneo vClient | 8.7 | High | 2022-11-28 |
| CVE-2022-0030 | PAN-OS: Authentication Bypass in Web Interface — PAN-OS | 8.1 | High | 2022-10-12 |
| CVE-2020-11015 | Device Authentication Vulnerability in thinx-device-api IoT Device Management Server — thinx-device-api | 7.5 | High | 2022-09-29 |
| CVE-2021-27854 | L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation — P802.1Q | 4.7 | - | 2022-09-27 |
| CVE-2021-27853 | L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers — 802.2 | 4.7 | - | 2022-09-27 |
| CVE-2022-39227 | Python-jwt subject to Authentication Bypass by Spoofing — python-jwt | 9.1 | Critical | 2022-09-23 |
| CVE-2022-23949 | Keylime security vulnerability — keylime | 7.5 | - | 2022-09-21 |
| CVE-2021-43310 | Keylime security vulnerability — keylime | 9.8 | - | 2022-09-21 |
| CVE-2022-35957 | Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin — grafana | 6.6 | Medium | 2022-09-20 |
| CVE-2022-31149 | ActivityWatch vulnerable to DNS rebinding attack — activitywatch | 8.8 | High | 2022-09-07 |
| CVE-2022-32744 | Samba permissions and access control issue vulnerability — samba | 8.8 | - | 2022-08-25 |
| CVE-2022-2310 | Skyhigh SWG Authentication bypass vulnerability — Skyhigh Secure Web Gateway (SWG) | 10.0 | Critical | 2022-07-27 |
| CVE-2022-2368 | Authentication Bypass by Spoofing in microweber/microweber — microweber/microweber | 6.5 | Medium | 2022-07-11 |
| CVE-2022-1745 | 2.2.7 AUTHENTICATION BYPASS BY SPOOFING CWE-290 — ImageCast X application | 6.8 | - | 2022-06-24 |
| CVE-2022-25989 | Eufy Anker Eufy Homebase security vulnerability — Eufy Homebase 2 | 8.8 | - | 2022-05-05 |
| CVE-2022-24858 | Default redirect callback vulnerable to open redirects — next-auth | 6.1 | Medium | 2022-04-19 |
| CVE-2022-24112 | apisix/batch-requests plugin allows overwriting the X-REAL-IP header — Apache APISIX | 9.8 | - | 2022-02-11 |
| CVE-2022-23131 | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML — Frontend | 9.1 | Critical | 2022-01-13 |
| CVE-2021-43807 | HTTP Method Spoofing in Opencast — opencast | 7.5 | High | 2021-12-14 |

Vulnerabilities classified as CWE-290 (Authentication Bypass by Spoofing) represent 237 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.