Total
165 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6030 | 2025-06-13 | N/A | N/A | ||
| Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador. | |||||
| CVE-2025-6029 | 2025-06-13 | N/A | N/A | ||
| Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacture is unknown at the time of release. CVE Record will be updated once this is clarified. | |||||
| CVE-2024-38823 | 2025-06-13 | N/A | 2.7 LOW | ||
| Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport. | |||||
| CVE-2025-30072 | 1 Tiiwee | 2 Twx1hakv2, Twx1hakv2 Firmware | 2025-06-12 | N/A | 7.6 HIGH |
| Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical Access to the protected facilities without triggering an alarm. | |||||
| CVE-2025-47706 | 1 Miniorange | 1 Miniorange 2fa | 2025-06-10 | N/A | 4.8 MEDIUM |
| Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | |||||
| CVE-2025-48012 | 1 One Time Password Project | 1 One Time Password | 2025-06-10 | N/A | 4.8 MEDIUM |
| Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0. | |||||
| CVE-2021-46835 | 1 Huawei | 2 Ws7200-10, Ws7200-10 Firmware | 2025-05-28 | N/A | 4.3 MEDIUM |
| There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. | |||||
| CVE-2022-42731 | 1 Django-mfa2 Project | 1 Django-mfa2 | 2025-05-20 | N/A | 7.5 HIGH |
| mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage. | |||||
| CVE-2022-41541 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2025-05-15 | N/A | 8.1 HIGH |
| TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user. | |||||
| CVE-2022-2780 | 1 Octopus | 1 Octopus Server | 2025-05-15 | N/A | 8.1 HIGH |
| In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. | |||||
| CVE-2025-46815 | 2025-05-07 | N/A | 8.0 HIGH | ||
| The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id and token can then be used to authenticate the user or their session. However, prior to versions 3.0.0, 2.71.9, and 2.70.10, it was possible to exploit this feature by repeatedly using intents. This allowed an attacker with access to the application’s URI to retrieve the id and token, enabling them to authenticate on behalf of the user. It's important to note that the use of additional factors (MFA) prevents a complete authentication process and, consequently, access to the ZITADEL API. Versions 3.0.0, 2.71.9, and 2.70.10 contain a fix for the issue. No known workarounds other than upgrading are available. | |||||
| CVE-2024-38890 | 1 Horizoncloud | 1 Caterease | 2025-05-06 | N/A | 8.4 HIGH |
| An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks. | |||||
| CVE-2022-29593 | 1 Dingtian-tech | 2 Dt-r004, Dt-r004 Firmware | 2025-05-05 | N/A | 5.9 MEDIUM |
| relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request. | |||||
| CVE-2022-22936 | 1 Saltstack | 1 Salt | 2025-05-05 | 5.4 MEDIUM | 8.8 HIGH |
| An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios. | |||||
| CVE-2022-44457 | 1 Mendix | 1 Saml | 2025-05-01 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration. | |||||
| CVE-2020-35473 | 1 Bluetooth | 1 Bluetooth Core Specification | 2025-05-01 | N/A | 4.3 MEDIUM |
| An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel. | |||||
| CVE-2022-44555 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 7.5 HIGH |
| The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable. | |||||
| CVE-2021-38827 | 1 Xiongmaitech | 2 Xm-jpr2-lx, Xm-jpr2-lx Firmware | 2025-04-30 | N/A | 7.5 HIGH |
| Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. | |||||
| CVE-2022-45914 | 1 Electronic Shelf Label Protocol Project | 1 Electronic Shelf Label Protocol | 2025-04-29 | N/A | 6.5 MEDIUM |
| The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing. | |||||
| CVE-2022-25837 | 1 Bluetooth | 1 Bluetooth Core Specification | 2025-04-22 | N/A | 7.5 HIGH |
| Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion. | |||||