Weaknesses of type CWE-290
471 results

CVE-2025-36119 | HIGH | IBM i authentication bypass | EPSS 0.2%
CVE-2025-13636 | MEDIUM | Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage | EPSS 0.2%
CVE-2023-41069 | MEDIUM | This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to l | EPSS 0.2%
CVE-2026-53833 | HIGH | QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command | EPSS 0.2%
CVE-2026-32229 | MEDIUM | In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled | EPSS 0.2%
CVE-2025-7448 | HIGH | Man in the middle (MitM) attack vulnerability in Wi-SUN library | EPSS 0.2%
CVE-2023-7169 | MEDIUM | Impersonate vendor signed Powershell scripts | EPSS 0.2%
CVE-2026-6762 | MEDIUM | Spoofing issue in the DOM: Core & HTML component | EPSS 0.2%
CVE-2025-36754 | CRITICAL | Authentication bypass on web interface | EPSS 0.1%
CVE-2026-47123 | HIGH | FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path | EPSS 0.1%
CVE-2026-33246 | MEDIUM | NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers | EPSS 0.1%
CVE-2025-13634 | MEDIUM | Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the | EPSS 0.1%
CVE-2025-37147 | HIGH | Secure Boot Bypass allows for Compromise of Hardware Root of Trust | EPSS 0.1%
CVE-2026-31813 | MEDIUM | Supabase Auth has insecure Apple and Azure authentication with ID tokens | EPSS 0.1%
CVE-2025-54305 | HIGH | An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, L | EPSS 0.1%
CVE-2025-13635 | MEDIUM | Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a craf | EPSS 0.1%
CVE-2026-39411 | MEDIUM | LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header | EPSS 0.1%
CVE-2026-39959 | HIGH | Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service | EPSS 0.1%
CVE-2024-38807 | MEDIUM | CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader | EPSS 0.1%
CVE-2026-34778 | MEDIUM | Electron: Service worker can spoof executeJavaScript IPC replies | EPSS 0.1%