Filtered by CWE-290
Total 449 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-28478 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-02-28 7.6 High
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-26418 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-02-28 4.6 Medium
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-38173 1 Microsoft 1 Edge Chromium 2025-02-28 4.3 Medium
Microsoft Edge for Android Spoofing Vulnerability
CVE-2023-36883 1 Microsoft 1 Edge 2025-02-28 4.3 Medium
Microsoft Edge for iOS Spoofing Vulnerability
CVE-2023-36769 1 Microsoft 1 Onenote 2025-02-28 4.6 Medium
Microsoft OneNote Spoofing Vulnerability
CVE-2023-35392 1 Microsoft 1 Edge Chromium 2025-02-28 4.7 Medium
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-29334 1 Microsoft 1 Edge Chromium 2025-02-28 4.3 Medium
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-24935 1 Microsoft 1 Edge Chromium 2025-02-28 6.1 Medium
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-24892 1 Microsoft 1 Edge Chromium 2025-02-28 8.2 High
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
CVE-2023-21794 1 Microsoft 1 Edge Chromium 2025-02-28 4.3 Medium
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2021-31209 1 Microsoft 1 Exchange Server 2025-02-28 6.5 Medium
Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-31195 1 Microsoft 1 Exchange Server 2025-02-28 6.5 Medium
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-48349 1 Huawei 2 Emui, Harmonyos 2025-02-24 9.1 Critical
The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.
CVE-2020-6158 2025-02-21 4.7 Medium
Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.
CVE-2023-0816 1 Strategy11 1 Formidable Form Builder 2025-02-19 6.5 Medium
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.
CVE-2025-25055 2025-02-18 N/A
Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. If exploited, restricted file contents may be accessed.
CVE-2024-3843 2 Fedoraproject, Google 2 Fedora, Chrome 2025-02-13 4.6 Medium
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-34145 2 Jenkins, Redhat 2 Script Security, Ocp Tools 2025-02-13 8.8 High
A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
CVE-2024-23832 1 Joinmastodon 1 Mastodon 2025-02-13 9.4 Critical
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.
CVE-2023-48396 2025-02-13 9.1 Critical
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue.