Total
210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46041 | 2026-04-15 | N/A | 8.8 HIGH | ||
| IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. | |||||
| CVE-2026-30080 | 1 Openairinterface | 1 Oai-cn5g-amf | 2026-04-14 | N/A | 7.5 HIGH |
| OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context can lead to the possibility of replay attack. | |||||
| CVE-2022-37418 | 3 Hyundai, Kia, Nissan | 6 Hyundai, Hyundai Firmware, Kia and 3 more | 2026-04-06 | N/A | 6.4 MEDIUM |
| The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. | |||||
| CVE-2026-34209 | 1 Wevm | 1 Mppx | 2026-04-03 | N/A | 7.5 HIGH |
| mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing or griefing the channel for free. This issue has been patched in version 0.4.11. | |||||
| CVE-2026-32987 | 1 Openclaw | 1 Openclaw | 2026-03-31 | N/A | 9.8 CRITICAL |
| OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times before approval to escalate pending pairing scopes, including privilege escalation to operator.admin. | |||||
| CVE-2026-20999 | 1 Samsung | 1 Smart Switch | 2026-03-31 | N/A | 7.5 HIGH |
| Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. | |||||
| CVE-2026-30789 | 5 Apple, Google, Linux and 2 more | 6 Iphone Os, Macos, Android and 3 more | 2026-03-25 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction. This issue affects RustDesk Client: through 1.4.5. | |||||
| CVE-2026-28449 | 1 Openclaw | 1 Openclaw | 2026-03-25 | N/A | 6.5 MEDIUM |
| OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing and cause integrity or availability issues. | |||||
| CVE-2026-32053 | 1 Openclaw | 1 Openclaw | 2026-03-24 | N/A | 6.5 MEDIUM |
| OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state transitions, potentially causing incorrect call handling and state corruption. | |||||
| CVE-2026-28787 | 1 Hackerbay | 1 Oneuptime | 2026-03-10 | N/A | 8.2 HIGH |
| OneUptime is a solution for monitoring and managing online services. In version 10.0.11 and prior, the WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during verification. This violates the WebAuthn specification (W3C Web Authentication Level 2, ยง13.4.3) and allows an attacker who has obtained a valid WebAuthn assertion (e.g., via XSS, MitM, or log exposure) to replay it indefinitely, completely bypassing the second-factor authentication. No known patches are available. | |||||
| CVE-2025-68671 | 1 Lakefs | 1 Lakefs | 2026-02-25 | N/A | 6.5 MEDIUM |
| lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request (e.g., through network interception, logs, or compromised systems) can replay that request until credentials are rotated, even after the request is intended to expire. This vulnerability is fixed in 1.75.0. | |||||
| CVE-2025-65552 | 1 D3dsecurity | 2 Zx-g12, Zx-g12 Firmware | 2026-02-03 | N/A | 9.8 CRITICAL |
| D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record valid alarm/control frames and replay them to trigger false alarms. | |||||
| CVE-2025-69822 | 1 Atomberg | 2 Erica Smart Fan, Erica Smart Fan Firmware | 2026-02-02 | N/A | 7.4 HIGH |
| An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame | |||||
| CVE-2025-65553 | 1 D3dsecurity | 2 Xz-g12, Xz-g12 Firmware | 2026-01-22 | N/A | 6.5 MEDIUM |
| D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is susceptible to RF jamming on the 433 MHz alarm sensor channel. An attacker within RF range can transmit continuous interference to block sensor transmissions, resulting in missed alarms and loss of security monitoring. The device lacks jamming detection or mitigations, creating a denial-of-service condition that may lead to undetected intrusions or failure to trigger safety alerts. | |||||
| CVE-2025-36593 | 1 Dell | 1 Openmanage Network Integration | 2026-01-14 | N/A | 8.8 HIGH |
| Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request. | |||||
| CVE-2025-69197 | 1 Pterodactyl | 1 Panel | 2026-01-12 | N/A | 6.5 MEDIUM |
| Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This allows an attacker who intercepts that token to use it in addition to a known username/password during the 60-second token validity window. The attacker must have intercepted a valid 2FA token (for example, during a screen share). This issue is fixed in version 1.12.0. | |||||
| CVE-2025-40807 | 1 Siemens | 1 Gridscale X Prepay | 2026-01-02 | N/A | 6.3 MEDIUM |
| A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions. | |||||
| CVE-2025-64131 | 1 Jenkins | 1 Saml | 2025-12-22 | N/A | 7.5 HIGH |
| Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user. | |||||
| CVE-2022-29878 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2025-12-09 | 6.8 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device. | |||||
| CVE-2025-30201 | 1 Wazuh | 1 Wazuh | 2025-12-02 | N/A | 7.7 HIGH |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading NTLM relay attacks that would result privilege escalation and remote code execution. This issue has been patched in version 4.13.0. | |||||