Total
409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31172 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-28478 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 5.8 MEDIUM | 7.6 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-26418 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 5.8 MEDIUM | 4.6 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-38173 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 4.3 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||
| CVE-2023-36883 | 1 Microsoft | 1 Edge | 2025-02-28 | N/A | 4.3 MEDIUM |
| Microsoft Edge for iOS Spoofing Vulnerability | |||||
| CVE-2023-36769 | 1 Microsoft | 1 Onenote | 2025-02-28 | N/A | 4.6 MEDIUM |
| Microsoft OneNote Spoofing Vulnerability | |||||
| CVE-2023-35392 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 4.7 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2023-29334 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2023-24935 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 6.1 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2023-24892 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 8.2 HIGH |
| Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | |||||
| CVE-2023-21794 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2021-31209 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 5.8 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2021-31195 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2022-48349 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | N/A | 9.1 CRITICAL |
| The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability. | |||||
| CVE-2020-6158 | 2025-02-21 | N/A | 4.7 MEDIUM | ||
| Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data. | |||||
| CVE-2023-0816 | 1 Strategy11 | 1 Formidable Form Builder | 2025-02-19 | N/A | 6.5 MEDIUM |
| The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. | |||||
| CVE-2025-25055 | 2025-02-18 | N/A | 5.3 MEDIUM | ||
| Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4.0.0, which may lead to user impersonation. If exploited, restricted file contents may be accessed. | |||||
| CVE-2023-3128 | 1 Grafana | 1 Grafana | 2025-02-13 | N/A | 9.4 CRITICAL |
| Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. | |||||
| CVE-2023-34329 | 1 Ami | 1 Megarac Sp-x | 2025-02-13 | N/A | 9.1 CRITICAL |
| AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. | |||||
| CVE-2025-25182 | 2025-02-12 | N/A | 9.4 CRITICAL | ||
| Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the application is accessible not through the ALB itself. This vulnerability may also allow for server-side request forgery which may lead to code execution or further privileges escalations when using the AWS metadata URL. This scenario assumes that Stroom must be configured to use ALB Authentication integration and the application is network accessible. The vulnerability has been fixed in versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2. | |||||