Vulnerabilities (CVE)

Filtered by CWE-294
Total 166 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50786 2025-07-05 N/A 4.1 MEDIUM
Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.
CVE-2024-29850 1 Veeam 1 Veeam Backup \& Replication 2025-07-03 N/A 8.8 HIGH
Veeam Backup Enterprise Manager allows account takeover via NTLM relay.
CVE-2024-29851 1 Veeam 1 Veeam Backup \& Replication 2025-07-03 N/A 7.2 HIGH
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account.
CVE-2025-36593 2025-07-03 N/A 8.8 HIGH
Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request.
CVE-2024-12137 2025-06-27 N/A 7.6 HIGH
Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: before V.01.01.
CVE-2025-6533 2025-06-26 5.1 MEDIUM 5.6 MEDIUM
A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulation leads to authentication bypass by capture-replay. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-50128 1 Hozard 1 Alarm System 2025-06-20 N/A 5.3 MEDIUM
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.
CVE-2023-46892 1 Meross 2 Msh30q, Msh30q Firmware 2025-06-17 N/A 8.8 HIGH
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature).
CVE-2024-38823 2025-06-16 N/A 2.7 LOW
Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.
CVE-2025-6029 2025-06-16 N/A N/A
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacture is unknown at the time of release.  CVE Record will be updated once this is clarified.
CVE-2025-6030 2025-06-16 N/A N/A
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto.  Attack confirmed on other KIA Models in Ecuador.
CVE-2025-30072 1 Tiiwee 2 Twx1hakv2, Twx1hakv2 Firmware 2025-06-12 N/A 7.6 HIGH
Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical Access to the protected facilities without triggering an alarm.
CVE-2025-47706 1 Miniorange 1 Miniorange 2fa 2025-06-10 N/A 4.8 MEDIUM
Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVE-2025-48012 1 One Time Password Project 1 One Time Password 2025-06-10 N/A 4.8 MEDIUM
Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.
CVE-2021-46835 1 Huawei 2 Ws7200-10, Ws7200-10 Firmware 2025-05-28 N/A 4.3 MEDIUM
There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.
CVE-2022-42731 1 Django-mfa2 Project 1 Django-mfa2 2025-05-20 N/A 7.5 HIGH
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.
CVE-2022-41541 1 Tp-link 2 Ax10, Ax10 Firmware 2025-05-15 N/A 8.1 HIGH
TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.
CVE-2022-2780 1 Octopus 1 Octopus Server 2025-05-15 N/A 8.1 HIGH
In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack.
CVE-2024-29901 1 Workos 1 Authkit 2025-05-07 N/A 4.8 MEDIUM
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.
CVE-2025-46815 2025-05-07 N/A 8.0 HIGH
The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id and token can then be used to authenticate the user or their session. However, prior to versions 3.0.0, 2.71.9, and 2.70.10, it was possible to exploit this feature by repeatedly using intents. This allowed an attacker with access to the application’s URI to retrieve the id and token, enabling them to authenticate on behalf of the user. It's important to note that the use of additional factors (MFA) prevents a complete authentication process and, consequently, access to the ZITADEL API. Versions 3.0.0, 2.71.9, and 2.70.10 contain a fix for the issue. No known workarounds other than upgrading are available.