Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-294

CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

219 vulnerabilities with CWE-294

CVE-2026-34021 HIGH

Lack of cryptographic protection in Wertheim SafeController 5400 enables RS-485 message sniffing and replay

CVE-2026-41000 LOW

WSS4J validation does not use configured replay cache

CVE-2026-49322 MEDIUM

Indian Scout Bobber 2025 WCM - Weak PIN Authentication

CVE-2026-9095 HIGH

Casdoor < 2.362.0 - Unauthenticated SAML Assertion Replay Attack via ParseSamlResponse

CVE-2026-46538 MEDIUM

Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection

CVE-2026-9398 LOW

Besen BS20 EV Charging Station BLE/WiFi authentication replay

CVE-2026-37982 MEDIUM

Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay

CVE-2026-42602 HIGH

azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

CVE-2026-7168 MEDIUM

curl - Authentication Bypass via Proxy-Authorization Header Reuse

CVE-2026-41351 MEDIUM

OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via Base64 Signature Re-encoding

CVE-2026-35618 MEDIUM

OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification

CVE-2026-30080 HIGH

OpenAirInterface 2.2.0 - Auth Bypass

CVE-2026-34209 HIGH

mppx Tempo Session Close - Voucher Bypass

CVE-2026-32987 CRITICAL

OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing

CVE-2026-27855 MEDIUM

OX Dovecot Pro <2.3.0 - Replay Attack

CVE-2026-4583 MEDIUM

Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay

CVE-2026-32053 MEDIUM

OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization

CVE-2026-28449 MEDIUM

OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression

CVE-2026-20999 HIGH

Samsung Mobile Smart Switch < 3.7.69.15 - Authentication Bypass via Replay Attack

CVE-2026-28787 HIGH

OneUptime < 10.0.11 - Authentication Bypass via WebAuthn Challenge Replay

CVE-2026-30789 CRITICAL

RustDesk Client <1.4.5 - Auth Bypass

CVE-2026-2540 HIGH

Micca Car Alarm System KE700 - Authentication Bypass via Replay Attack

CVE-2026-24027 MEDIUM

PowerDNS Recursor 5.1.0-5.1.9 5.2.0-5.2.7 5.3.0-5.3.4 - Denial of Service via Crafted Zone

CVE-2026-1743 LOW

DJI Mavic Mini, Air, Spark and Mini SE <01.00.0500 - Auth Bypass

CVE-2025-13777 HIGH

ABB AWIN GW100 rev.2 & GW120 - Auth Bypass

Page 1 of 9 Next

Details

Vulnerabilities 219

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy