Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-294

CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

219 vulnerabilities with CWE-294

CVE-2025-67135 CRITICAL

PGST PG107 Alarm System 1.25.05.hf - Authentication Bypass via Keyfob Replay Attack

CVE-2025-59023 HIGH

PowerDNS Recursor 5.1.0-5.1.7, 5.2.0-5.2.5, 5.3.0 - Cache Poisoning via Crafted Delegations or IP Fragments

CVE-2025-69822 HIGH

Atomberg Erica Smart Fan Firmware V1.0.36 - Exposure of Sensitive Information via Crafted Deauth Frame

CVE-2025-68671 MEDIUM

lakeFS < 1.75.0 - Authentication Bypass via S3 Gateway Request Replay

CVE-2025-65553 MEDIUM

D3D Wi-Fi Home Security System ZX-G12 v2.1.17 - DoS

CVE-2025-65552 CRITICAL

D3D Wi-Fi Home Security System ZX-G12 v2.1.1 - Info Disclosure

CVE-2025-69197 MEDIUM

Pterodactyl <1.11.11 - Info Disclosure

CVE-2025-40807 MEDIUM

Gridscale X Prepay <V4.2.1 - Auth Bypass

CVE-2025-30201 HIGH

Wazuh <4.13.0 - Privilege Escalation

CVE-2025-49752 CRITICAL

Azure Bastion - Privilege Escalation

CVE-2025-64131 HIGH

Jenkins SAML Plugin <4.583 - Auth Bypass

CVE-2025-35061 MEDIUM

Newforma Project Center < 2023.2 - Unauthenticated NTLM Hash Capture via LegacyIntegrationServices.asmx

CVE-2025-35058 MEDIUM

Newforma Project Center < 2023.2 - Unauthenticated NTLMv2 Hash Capture via MarkupServices.ashx

CVE-2025-35057 MEDIUM

Newforma Project Center < 2024.3 - Unauthenticated NTLM Hash Capture via SMB Connection Replay

CVE-2025-54810 HIGH

Cognex In-Sight Explorer & Camera Firmware - Info Disclosure

CVE-2025-56448 MEDIUM

Positron PX360BT SW REV 8 - Replay Attack

CVE-2025-9100 MEDIUM

zhenfeng13 My-Blog 1.0.0 - Auth Bypass

CVE-2025-8616 MEDIUM

OpenText Advanced Authentication <6.5.0 - Auth Bypass

CVE-2025-36593 HIGH

Dell OpenManage Network Integration < 3.8 - Authentication Bypass via RADIUS Capture-replay

CVE-2025-6533 MEDIUM

xxyopen/201206030 novel-plus <5.1.3 - Auth Bypass

CVE-2025-6030 CRITICAL

Cyclone Matrix TRF Smart - Replay Attack

CVE-2025-6029 CRITICAL

KIA-branded Aftermarket Generic Smart - Replay Attack

CVE-2025-48012 MEDIUM

Drupal One Time Password < 8.x-1.3 - Authentication Bypass via Capture-replay

CVE-2025-30072 HIGH

Tiiwee X1 Alarm System TWX1HAKV2 - Auth Bypass

CVE-2025-47706 MEDIUM

miniorange_2fa 5.0.0-5.2.0 - Authentication Bypass via Capture-replay

Previous Page 2 of 9 Next

Details

Vulnerabilities 219

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy