Total
170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26201 | 2025-02-24 | 9.1 Critical | ||
| Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges. | ||||
| CVE-2022-37660 | 2025-02-13 | 6.5 Medium | ||
| In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association. | ||||
| CVE-2023-1886 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 7.3 High |
| Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2022-45789 | 1 Schneider-electric | 72 Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 and 69 more | 2025-02-05 | 8.1 High |
| A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions) | ||||
| CVE-2022-47930 | 1 Iofinnet | 1 Tss-lib | 2025-02-05 | 6.8 Medium |
| An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past. | ||||
| CVE-2024-49595 | 1 Dell | 1 Wyse Management Suite | 2025-02-04 | 7.6 High |
| Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | ||||
| CVE-2024-52534 | 1 Dell | 1 Elastic Cloud Storage | 2025-01-21 | 5.4 Medium |
| Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft. | ||||
| CVE-2023-31762 | 1 Mydigoo | 2 Dg-hamb, Dg-hamb Firmware | 2025-01-17 | 7.5 High |
| Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. | ||||
| CVE-2023-31761 | 1 Blitzwolf | 2 Bw-is22, Bw-is22 Firmware | 2025-01-17 | 7.5 High |
| Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | ||||
| CVE-2023-31759 | 1 Keruistore | 2 Kerui W18, Kerui W18 Firmware | 2025-01-17 | 7.5 High |
| Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. | ||||
| CVE-2023-31763 | 1 Agshome Smart Alarm Project | 2 Agshome Smart Alarm, Agshome Smart Alarm Firmware | 2025-01-17 | 7.5 High |
| Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | ||||
| CVE-2023-36857 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2025-01-16 | 5.4 Medium |
| Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access. | ||||
| CVE-2024-5249 | 1 Perforce | 1 Akana Api | 2025-01-09 | 5.4 Medium |
| In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. | ||||
| CVE-2023-45794 | 1 Siemens | 1 Mendix | 2025-01-08 | 6.8 Medium |
| A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app. | ||||
| CVE-2023-33621 | 1 Gl-inet | 2 Gl-ar750s, Gl-ar750s Firmware | 2025-01-03 | 5.9 Medium |
| GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay. | ||||
| CVE-2024-12839 | 2024-12-31 | 8.8 High | ||
| The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote attacker who obtains this signature can use it to log into the system with any device. | ||||
| CVE-2018-9477 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-29158 | 1 Subnet | 1 Powersystem Center | 2024-12-09 | 6.1 Medium |
| SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. | ||||
| CVE-2023-34553 | 1 Wafucn | 2 Wafu Keyless Smart Lock, Wafu Keyless Smart Lock Firmware | 2024-12-06 | 6.5 Medium |
| An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. | ||||
| CVE-2023-39547 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2024-12-02 | 8.8 High |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | ||||