Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-294

CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

210 vulnerabilities with CWE-294

CVE-2026-41351 MEDIUM

OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via Base64 Signature Re-encoding

CVE-2026-35618 MEDIUM

OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification

CVE-2026-30080 HIGH

OpenAirInterface 2.2.0 - Auth Bypass

CVE-2026-34209 HIGH

mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

CVE-2026-32987 CRITICAL

OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing

CVE-2026-27855 MEDIUM

OX Dovecot Pro <2.3.0 - Replay Attack

CVE-2026-4583 MEDIUM

Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay

CVE-2026-32053 MEDIUM

OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization

CVE-2026-28449 MEDIUM

OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression

CVE-2026-20999 HIGH

Samsung Mobile Smart Switch - Authentication Bypass

CVE-2026-28787 HIGH

OneUptime <=10.0.11 - Auth Bypass

CVE-2026-30789 CRITICAL

RustDesk Client <1.4.5 - Auth Bypass

CVE-2026-2540 HIGH

Micca KE700 - Replay Attack

CVE-2026-24027 MEDIUM

Crafted Zones - DoS

CVE-2026-1743 LOW

DJI Mavic Mini, Air, Spark and Mini SE <01.00.0500 - Auth Bypass

CVE-2025-13777 HIGH

ABB AWIN GW100 rev.2 & GW120 - Auth Bypass

CVE-2025-67135 CRITICAL

PF-50 1.2 - Code Injection

CVE-2025-59023 HIGH

CVE-2025-69822 HIGH

Atomberg Erica Smart Fan Firmware - Information Disclosure

CVE-2025-68671 MEDIUM

LakeFS <1.75.0 - Replay Attack

CVE-2025-65553 MEDIUM

D3D Wi-Fi Home Security System ZX-G12 v2.1.17 - DoS

CVE-2025-65552 CRITICAL

D3D Wi-Fi Home Security System ZX-G12 v2.1.1 - Info Disclosure

CVE-2025-69197 MEDIUM

Pterodactyl <1.11.11 - Info Disclosure

CVE-2025-40807 MEDIUM

Gridscale X Prepay <V4.2.1 - Auth Bypass

CVE-2025-30201 HIGH

Wazuh <4.13.0 - Privilege Escalation

Page 1 of 9 Next

Details

Vulnerabilities 210

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy