Total
187 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0014 | 1 Sap | 4 Netweaver Application Server Abap, Netweaver Application Server Abap Kernel, Netweaver Application Server Abap Krnl64nuc and 1 more | 2025-04-09 | 9 Critical |
| SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system. | ||||
| CVE-2023-0036 | 1 Openatom | 1 Openharmony | 2025-04-09 | 6.5 Medium |
| platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege. | ||||
| CVE-2002-0054 | 1 Microsoft | 2 Exchange Server, Windows 2000 | 2025-04-03 | N/A |
| SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | ||||
| CVE-2022-43704 | 1 Sinilink | 2 Xy-wft1, Xy-wft1 Firmware | 2025-04-02 | 5.9 Medium |
| The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment. | ||||
| CVE-2024-4009 | 1 Abb | 10 2tma310010b0001, 2tma310010b0001 Firmware, 2tma310010b0003 and 7 more | 2025-03-27 | 9.2 Critical |
| Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System | ||||
| CVE-2024-39081 | 1 Jktyre | 1 Smart Tyre Car \& Bike | 2025-03-17 | 4.2 Medium |
| An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications. | ||||
| CVE-2023-2846 | 1 Mitsubishielectric | 300 Fx3g-14mr\/ds, Fx3g-14mr\/ds Firmware, Fx3g-14mr\/es and 297 more | 2025-03-05 | 7.5 High |
| Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets. | ||||
| CVE-2023-1537 | 1 Answer | 1 Answer | 2025-02-27 | 9.8 Critical |
| Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2025-26201 | 2025-02-24 | 9.1 Critical | ||
| Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges. | ||||
| CVE-2023-1886 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 7.3 High |
| Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2022-45789 | 1 Schneider-electric | 72 Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 and 69 more | 2025-02-05 | 8.1 High |
| A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions) | ||||
| CVE-2022-47930 | 1 Iofinnet | 1 Tss-lib | 2025-02-05 | 6.8 Medium |
| An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past. | ||||
| CVE-2024-49595 | 1 Dell | 1 Wyse Management Suite | 2025-02-04 | 7.6 High |
| Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | ||||
| CVE-2024-52534 | 1 Dell | 1 Elastic Cloud Storage | 2025-01-21 | 5.4 Medium |
| Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft. | ||||
| CVE-2023-31762 | 1 Mydigoo | 2 Dg-hamb, Dg-hamb Firmware | 2025-01-17 | 7.5 High |
| Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. | ||||
| CVE-2023-31761 | 1 Blitzwolf | 2 Bw-is22, Bw-is22 Firmware | 2025-01-17 | 7.5 High |
| Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | ||||
| CVE-2023-31759 | 1 Keruistore | 2 Kerui W18, Kerui W18 Firmware | 2025-01-17 | 7.5 High |
| Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. | ||||
| CVE-2023-31763 | 1 Agshome Smart Alarm Project | 2 Agshome Smart Alarm, Agshome Smart Alarm Firmware | 2025-01-17 | 7.5 High |
| Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | ||||
| CVE-2023-36857 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2025-01-16 | 5.4 Medium |
| Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access. | ||||
| CVE-2024-5249 | 1 Perforce | 1 Akana Api | 2025-01-09 | 5.4 Medium |
| In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. | ||||