CWE-294: CWE-294

Dell OpenManage Network Integration versions before 3.8 contain a RADIUS authentication bypass vulnerability where attackers can replay captured proto...

The IoT Haat Smart Plug IH-IN-16A-S v5.16.1 has an authentication bypass vulnerability where attackers can replay captured authentication data to gain...

This vulnerability allows session hijacking in industrial control systems by capturing session keys used between host PCs and PLCs. Attackers can inje...

The Meross MSH30Q thermostat's radio frequency communication protocol is vulnerable to replay attacks, allowing attackers to record legitimate command...

CVE-2022-31277 is a replay attack vulnerability in Xiaomi Lamp 1 smart bulbs that allows attackers to capture and reuse authentication requests. This ...

This vulnerability allows remote attackers to execute arbitrary code on a user's system when they launch a replay file from an untrusted source in Wor...

This vulnerability in SaltStack Salt allows attackers to replay job publishes and file server responses, potentially causing minions to execute outdat...

This vulnerability allows a local attacker to bypass authentication in Caterease Software by performing a capture-replay attack due to insufficient pr...

This CVE describes an authentication bypass vulnerability in multiple Mitsubishi Electric MELSEC industrial control system (ICS) products. Attackers c...

Laravel Fortify before version 1.11.1 has a TOTP (Time-based One-Time Password) vulnerability where one-time codes can be reused within a short time w...

Cognex In-Sight Explorer and In-Sight Camera Firmware transmit user credentials over unencrypted TCP port 1069, allowing adjacent attackers to interce...

This vulnerability in ZITADEL's Session API allows attackers to repeatedly use idp intents to steal authentication tokens. Attackers with access to th...

This vulnerability allows attackers to bypass authentication in Veeam Backup & Replication Enterprise Manager by performing a Man-in-the-Middle attack...

This authentication bypass vulnerability in Elfatek Elektronics ANKA JPD-00028 allows attackers to hijack user sessions by capturing and replaying aut...

Dell Wyse Management Suite versions 4.4 and earlier contain an authentication bypass vulnerability where attackers can replay captured authentication ...

CVE-2024-22066 is an authentication bypass vulnerability in ZTE ZXR10 ZSR V2 routers that allows authenticated attackers to escalate privileges and ac...

This vulnerability allows attackers to bypass security controls in the Kerui W18 Alarm System by recording and replaying 433MHz signals from the keyfo...

CVE-2023-31762 is a code replay vulnerability in the Digoo DG-HAMB Smart Home Security System transmitter that allows attackers to capture and replay ...

CVE-2021-22640 allows an attacker to decrypt the Ovarro TBox login password by capturing communication and performing brute-force attacks, potentially...

This vulnerability allows unauthenticated attackers to bypass authentication on SICAM T devices by capturing and replaying challenge-response pairs. A...

This vulnerability in Apache Spark allows attackers to recover full encryption keys from RPC connections using a flawed mutual authentication protocol...

This vulnerability allows an attacker to exploit Windows NTLM authentication to elevate privileges on affected systems. It affects Windows operating s...

Cosmos Network Ethermint versions up to v0.4.0 have a cross-chain transaction replay vulnerability in the EVM module. This allows attackers to replay ...

This vulnerability allows an on-path attacker between engineering software and SIMATIC S7-1200 controllers to replay previously captured commands, pot...

This CVE describes an authentication bypass vulnerability in a 2017 Hyundai vehicle model where attackers can capture and replay legitimate authentica...

This CVE describes an authentication bypass vulnerability in phpMyFAQ where attackers can replay captured authentication data to gain unauthorized acc...

This vulnerability in Veeam Backup Enterprise Manager allows authenticated high-privileged users to capture the NTLM hash of the Enterprise Manager se...

This CVE describes an authentication bypass vulnerability in Strapi's users-permissions plugin. By combining an open redirect with session tokens sent...

This CVE describes a privilege escalation vulnerability in VMware vSphere where a malicious actor with Guest Operation Privileges in a target virtual ...

CVE-2021-26824 is an authentication bypass vulnerability in DM FingerTool v1.19 on DM PD065 Secure USB devices. It allows local attackers to replay au...

The Positron PX360BT car alarm system is vulnerable to replay attacks due to improper rolling code implementation, allowing attackers to reuse capture...

This vulnerability allows attackers to bypass authentication on Mengshen Wireless Door Alarm M70 devices by capturing and replaying network traffic. A...

LakeFS's S3 gateway fails to validate timestamps in authenticated requests, allowing replay attacks. Attackers who capture valid signed requests can r...

The D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is vulnerable to RF jamming attacks on its 433 MHz alarm sensor channel. Attackers within radio freq...

Gridscale X Prepay versions before V4.2.1 are vulnerable to authentication token capture-replay attacks. This allows authenticated users who should be...

CVE-2025-35061 is an authentication relay vulnerability in Newforma Info Exchange (NIX) that allows unauthenticated attackers to force the system to m...

CVE-2025-35058 is an authentication bypass vulnerability in Newforma Info Exchange (NIX) that allows unauthenticated remote attackers to force the NIX...

This vulnerability allows attackers to replay SAML tokens in Akana API Platform, potentially enabling unauthorized access to protected resources. Orga...

This vulnerability in Newforma Info Exchange (NIX) allows remote, unauthenticated attackers to force the NIX server to initiate SMB connections to att...