Total
420 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47522 | 2 Ieee, Sonicwall | 59 Ieee 802.11, Soho 250, Soho 250 Firmware and 56 more | 2025-02-06 | 7.5 High |
| The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key. | ||||
| CVE-2024-5037 | 1 Redhat | 4 Logging, Openshift, Openshift Container Platform and 1 more | 2025-02-06 | 7.5 High |
| A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication. | ||||
| CVE-2022-32747 | 1 Schneider-electric | 1 Ecostruxure Cybersecurity Admin Expert | 2025-02-05 | 8 High |
| A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxureâ„¢ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) | ||||
| CVE-2023-51543 | 1 Metagauss | 1 Registrationmagic | 2025-02-04 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.2.5.0. | ||||
| CVE-2023-32207 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-01-31 | 8.8 High |
| A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | ||||
| CVE-2024-54158 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 3.5 Low |
| In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | ||||
| CVE-2025-24458 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 7.1 High |
| In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration | ||||
| CVE-2024-4358 | 1 Telerik | 1 Report Server 2024 | 2025-01-27 | 9.8 Critical |
| In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. | ||||
| CVE-2024-22092 | 1 Openatom | 1 Openharmony | 2025-01-27 | 7.7 High |
| in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action. | ||||
| CVE-2023-2887 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2025-01-16 | 9.8 Critical |
| Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | ||||
| CVE-2023-25743 | 2 Mozilla, Redhat | 6 Firefox Focus, Enterprise Linux, Rhel Aus and 3 more | 2025-01-09 | 7.5 High |
| A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | ||||
| CVE-2022-22364 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | 5.3 Medium |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903. | ||||
| CVE-2023-2001 | 1 Gitlab | 1 Gitlab | 2025-01-07 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code. | ||||
| CVE-2024-12108 | 2 Microsoft, Progress | 2 Windows, Whatsup Gold | 2025-01-06 | 9.6 Critical |
| In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | ||||
| CVE-2023-2807 | 1 Pandorafms | 1 Pandora Fms | 2025-01-03 | 6.4 Medium |
| Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms. | ||||
| CVE-2022-36331 | 1 Westerndigital | 24 My Cloud, My Cloud Dl2100, My Cloud Dl2100 Firmware and 21 more | 2025-01-03 | 10 Critical |
| Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102. | ||||
| CVE-2022-35770 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | 6.5 Medium |
| Windows NTLM Spoofing Vulnerability | ||||
| CVE-2022-34689 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | 7.5 High |
| Windows CryptoAPI Spoofing Vulnerability | ||||
| CVE-2022-44713 | 1 Microsoft | 2 Office, Office Long Term Servicing Channel | 2025-01-02 | 7.5 High |
| Microsoft Outlook for Mac Spoofing Vulnerability | ||||
| CVE-2022-26910 | 1 Microsoft | 1 Skype For Business Server | 2025-01-02 | 5.3 Medium |
| Skype for Business and Lync Spoofing Vulnerability | ||||