CVE-2026-21264

CVE-2026-21264 concerns improper neutralization of input during web page generation (XSS) in Microsoft Account, enabling a network-based spoofing scenario. The vulnerability affects Microsoft Account web page rendering and can lead to spoofing without listed exploitation likelihood in the provide...

CVE-2026-21264 Microsoft Account Spoofing Vulnerability

...

CVE-2026-21264 Microsoft Account Spoofing Vulnerability

...

EUVD-2019-18376

Malware in sbrugna...

EUVD-2016-0276

Malware in sbrugna...

EUVD-2023-32955

Malicious code in bioql PyPI...

EUVD-2024-0529

Malicious code in bioql PyPI...

CVE-2025-27509

Fleet has a SAML authentication vulnerability (CVE-2025-27509) due to improper SAML response validation in fleetdm/fleet. In vulnerable versions, an attacker could forge authentication assertions, potentially provisioning a new administrative user under JIT provisioning or creating accounts tied ...

Account Spoofing

phpMyFAQ is vulnerable to User Account Spoofing. The vulnerability is due to the user removal page lacking backend validation, allowing an attacker to manipulate form details by intercepting the request via a proxy, which can allow an attacker to trick an admin into removing the account...

PT-2022-23355 · Devolutions +1 · Devolutions Remote Desktop Manager +1

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2022.3.13 through 2022.3.24 Description: The issue allows an authenticated user to spoof a privileged account due to elevation of privilege in the Azure SQL Data Source. Recommendations: For version...

Exploit for CVE-2021-42278

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA f...

CVE-2019-8989

The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.'s...

CVE-2019-8989

The CVE describes a spoofing flaw in the application server components of TIBCO Data Science for AWS and TIBCO Spotfire Data Science, affecting releases up to 6.4.0 for both products. Impact is that an authenticated user could spoof their account to appear as another user in the affected system. ...

Design/Logic Flaw

The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORSORIGINALLOWALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not...

Dropbox SDK for Android account spoofing

It's possible to spoof account via OAuth...