CVE & Exploit Intelligence Database

CVE-2024-29901 4.8 MEDIUM 1 Writeup EPSS 0.00

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.

CWE-294 Mar 29, 2024

CVE-2023-49231 9.8 CRITICAL EPSS 0.01

An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token.

CWE-294 Mar 29, 2024

CVE-2023-6374 5.9 MEDIUM EPSS 0.01

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.

CWE-294 Jan 30, 2024

CVE-2023-46892 8.8 HIGH EPSS 0.00

The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature).

CWE-294 Jan 23, 2024

CVE-2023-50128 5.3 MEDIUM EPSS 0.00

The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.

CWE-294 Jan 11, 2024

CVE-2022-46480 8.1 HIGH EPSS 0.00

Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

CWE-294 Dec 05, 2023

CVE-2023-39547 8.8 HIGH EPSS 0.00

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

CWE-294 Nov 17, 2023

CVE-2023-45794 6.8 MEDIUM EPSS 0.00

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app.

CWE-294 Nov 14, 2023

CVE-2023-36857 5.4 MEDIUM EPSS 0.00

Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access.

CWE-294 Oct 19, 2023

CVE-2023-41890 7.5 HIGH EPSS 0.00

Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible.

CWE-289 Sep 19, 2023

CVE-2023-30909 9.8 CRITICAL EPSS 0.05

A remote authentication bypass issue exists in some OneView APIs.

CWE-294 Sep 14, 2023

CVE-2023-39373 7.4 HIGH EPSS 0.00

 A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.

CWE-294 Sep 03, 2023

CVE-2023-20900 7.1 HIGH EPSS 0.01

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

CWE-294 Aug 31, 2023

CVE-2023-34625 8.1 HIGH EPSS 0.00

ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock.

CWE-294 Jul 20, 2023

CVE-2022-48507 7.5 HIGH EPSS 0.00

Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.

CWE-294 Jul 06, 2023

CVE-2023-2846 7.5 HIGH EPSS 0.00

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets.

CWE-294 Jun 30, 2023

CVE-2023-34553 6.5 MEDIUM EPSS 0.00

An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack.

CWE-294 Jun 22, 2023

CVE-2023-29158 6.1 MEDIUM EPSS 0.00

SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.

CWE-294 Jun 19, 2023

CVE-2023-33621 5.9 MEDIUM EPSS 0.00

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.

CWE-294 Jun 13, 2023

CVE-2023-31763 7.5 HIGH EPSS 0.00

Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.

CWE-294 May 24, 2023