Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-66570

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-05 Dec, 2025 | 18:18
Updated At-05 Dec, 2025 | 18:40
Rejected At-
Credits

cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*)

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:05 Dec, 2025 | 18:18
Updated At:05 Dec, 2025 | 18:40
Rejected At:
â–¼CVE Numbering Authority (CNA)
cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*)

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

Affected Products
Vendor
yhirose
Product
cpp-httplib
Versions
Affected
  • < 0.27.0
Problem Types
TypeCWE IDDescription
CWECWE-290CWE-290: Authentication Bypass by Spoofing
CWECWE-345CWE-345: Insufficient Verification of Data Authenticity
CWECWE-807CWE-807: Reliance on Untrusted Inputs in a Security Decision
Type: CWE
CWE ID: CWE-290
Description: CWE-290: Authentication Bypass by Spoofing
Type: CWE
CWE ID: CWE-345
Description: CWE-345: Insufficient Verification of Data Authenticity
Type: CWE
CWE ID: CWE-807
Description: CWE-807: Reliance on Untrusted Inputs in a Security Decision
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xm2j-vfr9-mg9m
x_refsource_CONFIRM
https://github.com/yhirose/cpp-httplib/commit/ac9ebb0ee333ce8bf13523f487bdfad9518a2aff
x_refsource_MISC
Hyperlink: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xm2j-vfr9-mg9m
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/yhirose/cpp-httplib/commit/ac9ebb0ee333ce8bf13523f487bdfad9518a2aff
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:05 Dec, 2025 | 19:15
Updated At:10 Dec, 2025 | 15:02

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

yhirose
yhirose
>>cpp-httplib>>Versions before 0.27.0(exclusive)
cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-290Primarysecurity-advisories@github.com
CWE-345Primarysecurity-advisories@github.com
CWE-807Primarysecurity-advisories@github.com
CWE ID: CWE-290
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-345
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-807
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/yhirose/cpp-httplib/commit/ac9ebb0ee333ce8bf13523f487bdfad9518a2affsecurity-advisories@github.com
Patch
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xm2j-vfr9-mg9msecurity-advisories@github.com
Exploit
Vendor Advisory
Hyperlink: https://github.com/yhirose/cpp-httplib/commit/ac9ebb0ee333ce8bf13523f487bdfad9518a2aff
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xm2j-vfr9-mg9m
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

141Records found

CVE-2025-66577
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 15.05%
||
7 Day CHG~0.00%
Published-05 Dec, 2025 | 18:20
Updated-11 Dec, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which get accepted unconditionally by get_client_ip() in docker/main.cc, causing access and error logs (nginx_access_logger / nginx_error_logger) to record spoofed client IPs (log poisoning / audit evasion). This vulnerability is fixed in 0.27.0.

Action-Not Available
Vendor-yhiroseyhirose
Product-cpp-httplibcpp-httplib
CWE ID-CWE-117
Improper Output Neutralization for Logs
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2024-6163
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 41.00%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 13:01
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
local IP restriction of internal HTTP endpoints

Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data

Action-Not Available
Vendor-Checkmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-36134
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 33.73%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-class_scheduling_systemn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-36139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 26.26%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-cleaning_business_softwaren/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-3325
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.55% / 42.51%
||
7 Day CHG~0.00%
Published-20 Jun, 2023 | 04:27
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.

Action-Not Available
Vendor-cmscommanderthoefter
Product-cms_commanderCMS Commander – Manage Multiple Sites
CWE ID-CWE-331
Insufficient Entropy
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-3243
Matching Score-4
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-4
Assigner-Honeywell International Inc.
CVSS Score-8.3||HIGH
EPSS-0.61% / 45.02%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 20:23
Updated-02 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. 

Action-Not Available
Vendor-Honeywell International Inc.
Product-alerton_bcm-webalerton_bcm-web_firmwareBCM-WEBalerton_bcm-web_firmware
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-6695
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 51.51%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 20:07
Updated-25 Oct, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortimanagerFortinet FortiManager
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-31424
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-8.1||HIGH
EPSS-0.68% / 48.23%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 00:54
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Web authentication and authorization bypass

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_sannavSANnav
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-3128
Matching Score-4
Assigner-Grafana Labs
ShareView Details
Matching Score-4
Assigner-Grafana Labs
CVSS Score-9.4||CRITICAL
EPSS-4.09% / 89.60%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 20:14
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.

Action-Not Available
Vendor-Grafana Labs
Product-grafanaGrafana EnterpriseGrafana
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-5613
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 43.76%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 15:26
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-2987
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 41.07%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 02:40
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wordapp <= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to the plugin to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation.

Action-Not Available
Vendor-wordappwordapp
Product-wordappWordapp
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2025-49827
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.40% / 69.55%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 19:26
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipulate the headers signed by AWS can take advantage of a malformed regular expression to redirect the authentication validation request that Secrets Manager, Self-Hosted sends to AWS to a malicious server controlled by the attacker. This redirection could result in a bypass of the Secrets Manager, Self-Hosted IAM Authenticator, granting the attacker the permissions granted to the client whose request was manipulated. This issue affects both Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Action-Not Available
Vendor-cyberarkcyberark
Product-conjurconjur
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2023-2887
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 51.35%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 08:33
Updated-22 May, 2026 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User Authentication Bypass in CBOT's Chatbot

Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

Action-Not Available
Vendor-CBOT
Product-cbot_panelcbot_coreChatbot
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-28386
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.6||HIGH
EPSS-0.42% / 34.00%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 19:35
Updated-16 Jan, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.

Action-Not Available
Vendor-snaponecontrol4Snap One
Product-an-110-rt-2l1w-wifian-310-rt-4l2wca-10ca-1pakedge_wr-1ea-5ea-3pakedge_rk-1orvcea-1an-110-rt-2l1wovrc-300-propakedge_rt-3100OvrC Cloud
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-2807
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.4||MEDIUM
EPSS-0.62% / 45.61%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 11:10
Updated-03 Jan, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication bypass in password reset process

Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2021-43616
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-2.53% / 83.16%
||
7 Day CHG~0.00%
Published-13 Nov, 2021 | 00:00
Updated-04 Aug, 2024 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI.

Action-Not Available
Vendor-npmjsn/aNetApp, Inc.Fedora Project
Product-next_generation_application_programming_interfacefedoranpmn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2025-49199
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.64%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 14:26
Updated-26 Jan, 2026 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Backup files can be modified and uploaded

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.

Action-Not Available
Vendor-SICK AG
Product-field_analyticsSICK Field Analytics
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-25178
Matching Score-4
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-4
Assigner-Honeywell International Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 40.70%
||
7 Day CHG+0.09%
Published-13 Jul, 2023 | 10:59
Updated-05 Mar, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Controller design flaw - unsigned firmware

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.

Action-Not Available
Vendor-Honeywell International Inc.
Product-c300_firmwarec300C300
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2019-20790
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.66% / 83.99%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:00
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.

Action-Not Available
Vendor-trusteddomainpypolicyd-spf_projectn/aFedora Project
Product-pypolicyd-spffedoraopendmarcn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-2289
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 45.01%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:38
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwareqcm2150_firmwaremdm9640_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresnapdragon_high_med_2016_firmwaresm6150msm8909w_firmwaremsm8976_firmwaremsm8996aumdm915_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615mdm9205mdm9206_firmwaremsm8939qcs605mdm915msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaremdm9655_firmwaresdm660sc8180x_firmwaresdm710qm215mdm9607apq8017_firmwaremdm9625_firmwaresdm710_firmwaremsm8939_firmwaremsm8937msm8905snapdragon_high_med_2016sm8150_firmwaremsm8909sxr2130_firmwaremdm9655apq8096ausdm439_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625qm215_firmwaremsm8976sdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850mdm9615_firmwareapq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-22814
Matching Score-4
Assigner-Western Digital
ShareView Details
Matching Score-4
Assigner-Western Digital
CVSS Score-10||CRITICAL
EPSS-0.69% / 48.55%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 23:05
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass issue in My Cloud OS 5 devices

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.

Action-Not Available
Vendor-Western Digital Corp.
Product-my_cloud_dl2100wd_cloudmy_cloudmy_cloud_ex4100my_cloud_ex2_ultramy_cloud_mirror_g2my_cloud_pr2100my_cloud_osmy_cloud_dl4100my_cloud_ex2100my_cloud_pr4100My Cloud OS 5my_cloud_os_5
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-18259
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-2.11% / 79.73%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 19:19
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.

Action-Not Available
Vendor-omronn/a
Product-plc_cs_firmwareplc_cj_firmwareOmron PLC CJ and CS Series
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-18835
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.86% / 54.56%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 23:12
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

Action-Not Available
Vendor-n/aThe Matrix.org Foundation
Product-synapsen/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-20025
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9||CRITICAL
EPSS-1.63% / 73.62%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:33
Updated-07 Apr, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_firmwarerv016rv042g_firmwarerv082_firmwarerv042grv042rv016_firmwarerv082Cisco Small Business RV Series Router Firmware
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-293
Using Referer Field for Authentication
CVE-2019-16871
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.30% / 91.68%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 20:42
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.

Action-Not Available
Vendor-n/aBeckhoff Automation GmbH & Co. KG
Product-twincatn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-16378
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.46% / 82.62%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 11:24
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.

Action-Not Available
Vendor-trusteddomainn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraopendmarcn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-51350
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.29% / 67.10%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.

Action-Not Available
Vendor-ujcmsn/a
Product-ujcmsn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-51655
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-6.3||MEDIUM
EPSS-0.33% / 25.64%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 09:57
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2021-34646
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-50.87% / 98.80%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 18:03
Updated-05 May, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Booster for WooCommerce <= 5.4.3 Authentication Bypass

Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.

Action-Not Available
Vendor-boosterPluggabl LLC
Product-booster_for_woocommerceBooster for WooCommcerce
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2025-36594
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 37.61%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 14:25
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain Feature ReleasePowerProtect Data Domain LTS2024PowerProtect Data Domain LTS 2023
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-36753
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-8.6||HIGH
EPSS-0.28% / 19.87%
||
7 Day CHG+0.01%
Published-13 Dec, 2025 | 08:16
Updated-14 Jan, 2026 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SWD Interface Open on Growatt ShineLan-X

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device

Action-Not Available
Vendor-growattGrowatt
Product-shine_lan-x_firmwareshine_lan-xShineLan-X
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2022-48513
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 36.65%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 12:42
Updated-19 Nov, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-27671
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 43.41%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Device Impersonation OVE-20230524-0015.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-54782
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.25% / 15.88%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 22:20
Updated-10 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated bindings, allowing an unauthenticated remote attacker to impersonate any principal the trusted STS could issue. This issue is fixed in versions 1.8.1 and 1.9.1.

Action-Not Available
Vendor-CoreWCF
Product-CoreWCF
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-54763
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 17.04%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 20:33
Updated-08 Jul, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik: headerField underscore-variant identity spoofing in BasicAuth / DigestAuth / ForwardAuth

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which many backends normalize identically to dashed forms. An attacker able to reach a protected route can inject an underscore-variant header that survives Traefik's stripping and reaches the backend alongside, or on the unauthenticated ForwardAuth authResponseHeaders path instead of, the value Traefik intended to set, spoofing identity or authorization context. This issue is fixed in versions v2.11.51, v3.6.22, and v3.7.6.

Action-Not Available
Vendor-traefiktraefik
Product-traefiktraefik
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-55652
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 27.79%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 21:15
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wekan: Header-login IP allowlist bypass via X-Forwarded-For spoofing in Wekan allows unauthenticated full account takeover (incl. admin)

Wekan is open source kanban built with Meteor. Prior to 9.46, header-login with HEADER_LOGIN_TRUSTED_IPS uses getRequestIp() in server/lib/headerLoginAuth.js to trust the client-supplied X-Forwarded-For header before the real socket address, allowing an unauthenticated attacker to send HEADER_LOGIN_ID for any username and receive a meteor_login_token session, including for admin. This issue is fixed in version 9.46.

Action-Not Available
Vendor-wekan
Product-wekan
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2018-7842
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-35.04% / 98.26%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 19:59
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-48567
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.97% / 58.03%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 22:00
Updated-15 Jul, 2026 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure HorizonDB Elevation of Privilege Vulnerability

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_horizondbAzure HorizonDB
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-48491
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.73%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 19:12
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rule such as Host(*.example.com) with stricter TLS options (for example RequireAndVerifyClientCert), SNICheck resolves the TLS options for the HTTP Host header using exact map lookups only and never applies wildcard matching. If another permissive SNI is served on the same entrypoint, an attacker can complete the TLS handshake under the permissive options and then send an HTTP Host header targeting the wildcard-protected backend, reaching it without presenting a client certificate. This affects the regular HTTPS / HTTP-2 path and does not require HTTP/3. This vulnerability is fixed in 3.7.3.

Action-Not Available
Vendor-traefiktraefikRed Hat, Inc.
Product-traefiktraefikRed Hat OpenShift Dev Spaces
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2023-41591
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 26.99%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 00:00
Updated-03 Jun, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.

Action-Not Available
Vendor-opennetworkingn/a
Product-onosn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-49468
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.5||CRITICAL
EPSS-0.56% / 42.79%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 20:37
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteLLM: Authentication Bypass via Host Header Injection

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched. This vulnerability is fixed in 1.84.0.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmRed Hat OpenShift AI (RHOAI)Exploit IntelligenceRed Hat Ansible Automation Platform 2
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-47691
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.29% / 21.19%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 14:33
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netty has Insufficient Bailiwick Validation for NS Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's `DnsResolveContext` insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains (like `.co.uk`). In `io.netty.resolver.dns.DnsResolveContext.AuthoritativeNameServerList#add` method accepts any NS record from the AUTHORITY section as long as the record's name is a suffix of the questionName. Subsequently, the `handleWithAdditional` method caches the associated A records from the ADDITIONAL section directly into the `authoritativeDnsServerCache` under the parent domain's key. This bypasses standard bailiwick rules, where a server authoritative for a subdomain should not be trusted to provide authoritative records for its parent. The poisoned cache is then used for all future resolutions under the parent domain's key. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Action-Not Available
Vendor-Red Hat, Inc.The Netty Project
Product-nettynettyRed Hat OpenShift Dev SpacesRed Hat Build of KeycloakRed Hat build of Apache Camel 4.18.1.P1 for Spring Boot 3.5.16Red Hat Fuse 7Streams for Apache Kafka 2.9.4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apicurio Registry 3Red Hat build of Quarkus 3.33.2.SP1Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Data Grid 8streams for Apache Kafka 3Red Hat Build of Apache Camel 3.33 for Quarkus 3.33.2.SP1Red Hat build of Debezium 3Red Hat build of Apache Camel - HawtIO 4Red Hat JBoss Enterprise Application Platform 7Cryostat 4OpenShift ServerlessRed Hat build of Quarkus 3.27.4.SP1Red Hat build of Apache Camel 4 for Quarkus 3Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 8Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-346
Origin Validation Error
CVE-2021-25827
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.50% / 71.35%
||
7 Day CHG+0.01%
Published-28 Jun, 2023 | 00:00
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.

Action-Not Available
Vendor-embyn/a
Product-embyn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2026-45674
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.22% / 12.97%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 14:17
Updated-15 Jul, 2026 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue.

Action-Not Available
Vendor-Red Hat, Inc.The Netty Project
Product-nettynettyRed Hat OpenShift Dev SpacesRed Hat Build of KeycloakRed Hat build of Apache Camel 4.18.1.P1 for Spring Boot 3.5.16Red Hat Fuse 7Streams for Apache Kafka 2.9.4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apicurio Registry 3Red Hat build of Quarkus 3.33.2.SP1Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Data Grid 8streams for Apache Kafka 3Red Hat Build of Apache Camel 3.33 for Quarkus 3.33.2.SP1Red Hat build of Debezium 3Red Hat build of Apache Camel - HawtIO 4Red Hat JBoss Enterprise Application Platform 7Cryostat 4OpenShift ServerlessRed Hat build of Quarkus 3.27.4.SP1Red Hat build of Apache Camel 4 for Quarkus 3Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 8Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-346
Origin Validation Error
CVE-2018-25317
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.65% / 47.08%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 19:24
Updated-15 Jul, 2026 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change

Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w309r_firmwarew3002rw3002r_firmwarea302_firmwarea302w309rW3002R
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2018-25316
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.65% / 47.08%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 19:24
Updated-15 Jul, 2026 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w308rw308r_firmwareW308R v2
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-37920
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.56%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 20:45
Updated-05 Mar, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certifi's removal of e-Tugra root certificate

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

Action-Not Available
Vendor-certificertifiFedora ProjectNetApp, Inc.
Product-fedoraactive_iq_unified_managerontap_mediatormanagement_services_for_element_softwareontap_select_deploy_administration_utilitymanagement_services_for_netapp_hcicertifisolidfire_\&_hci_storage_nodepython-certifi
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-44649
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 12.20%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 17:45
Updated-02 Jun, 2026 | 03:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SillyTavern: Authentication Bypass via SSO Header Injection

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to automatically log in users when SSO is configured. There is no validation that these headers originate from a trusted reverse proxy. Any network client that can reach the SillyTavern port directly can inject these headers and authenticate as any user, including administrators, without a password. This vulnerability is exploitable only when sso.autheliaAuth: true or sso.authentikAuth: true is set in config.yaml (both default to false). This vulnerability is fixed in 1.18.0.

Action-Not Available
Vendor-SillyTavern
Product-SillyTavern
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-44523
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.12% / 2.50%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 18:42
Updated-15 May, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Note Mark: JWT Secret Weakness allows Full Account Takeover via token forgery

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4.

Action-Not Available
Vendor-enchant97
Product-note-mark
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-43534
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.19% / 8.75%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:25
Updated-07 May, 2026 | 01:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events

OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate untrusted input into higher-trust agent context.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found