Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11717 | 1 Metinfo Project | 1 Metinfo | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. | |||||
| CVE-2017-16897 | 1 Auth0 | 1 Passport-wsfed-saml2 | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
| A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response). | |||||
| CVE-2017-14003 | 1 Lavalink | 2 Ether-serial Link, Ether-serial Link Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator. | |||||
| CVE-2022-1745 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 7.2 HIGH | 6.8 MEDIUM |
| The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions. | |||||
| CVE-2022-31738 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 6.5 MEDIUM |
| When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | |||||
| CVE-2025-32012 | 2025-04-16 | N/A | N/A | ||
| Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same local network as the Jellyfin server. Due to the method Jellyfin uses to determine the source IP of a request, an unauthenticated attacker is able to spoof their IP to appear as a LAN IP, allowing them to restart the Jellyfin server process without authentication. This means that an unauthenticated attacker could mount a denial-of-service attack on any default-configured Jellyfin server by simply sending the same spoofed request every few seconds to restart the server over and over. This method of IP spoofing also bypasses some security mechanisms, cause a denial-of-service attack, and possible bypass the admin restart requirement if combined with remote code execution. This issue is patched in version 10.10.7. | |||||
| CVE-2023-5616 | 2025-04-16 | N/A | 4.9 MEDIUM | ||
| In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user. | |||||
| CVE-2025-32275 | 1 Ays-pro | 1 Survey Maker | 2025-04-14 | N/A | 4.3 MEDIUM |
| Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through 5.1.5.4. | |||||
| CVE-2024-23558 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 6.3 MEDIUM |
| HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | |||||
| CVE-2025-32227 | 2025-04-11 | N/A | 4.3 MEDIUM | ||
| Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through 3.0.0. | |||||
| CVE-2024-32977 | 1 Octoprint | 1 Octoprint | 2025-04-10 | N/A | 7.1 HIGH |
| OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` option is enabled within `config.yaml`, even if they come from networks that are not configured as `localNetworks`, spoofing their IP via the `X-Forwarded-For` header. If autologin is not enabled, this vulnerability does not have any impact. The vulnerability has been patched in version 1.10.1. Until the patch has been applied, OctoPrint administrators who have autologin enabled on their instances should disable it and/or to make the instance inaccessible from potentially hostile networks like the internet. | |||||
| CVE-2023-33140 | 1 Microsoft | 1 Onenote | 2025-04-10 | N/A | 6.5 MEDIUM |
| Microsoft OneNote Spoofing Vulnerability | |||||
| CVE-1999-0012 | 2 Microsoft, Netscape | 5 Frontpage, Internet Information Server, Personal Web Server and 2 more | 2025-04-09 | 5.0 MEDIUM | 7.0 HIGH |
| Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | |||||
| CVE-2009-1048 | 1 Snom | 10 Snom 300, Snom 300 Firmware, Snom 320 and 7 more | 2025-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header. | |||||
| CVE-2023-20025 | 1 Cisco | 8 Rv016, Rv016 Firmware, Rv042 and 5 more | 2025-04-07 | N/A | 9.0 CRITICAL |
| A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system. | |||||
| CVE-2025-3029 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 7.3 HIGH |
| A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | |||||
| CVE-2024-11701 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-05 | N/A | 4.3 MEDIUM |
| The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. | |||||
| CVE-2024-9391 | 1 Mozilla | 1 Firefox | 2025-04-04 | N/A | 6.5 MEDIUM |
| A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131. | |||||
| CVE-2020-22660 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2025-04-03 | N/A | 7.5 HIGH |
| In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to force bypass Secure Boot failed attempts and run temporarily the previous Backup image. | |||||
| CVE-2024-11692 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 4.3 MEDIUM |
| An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | |||||