Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-294

CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

219 vulnerabilities with CWE-294

CVE-2025-46815 HIGH

ZITADEL < 2.70.10 and 2.71.x < 2.71.9 and 3.0.0-rc.1-3.0.0 - Session Hijacking via IdP Intent Reuse

CVE-2025-1887 HIGH

Sage 200 Spain <2025.35.000 - Privilege Escalation

CVE-2025-26201 CRITICAL

GreaterWMS <= 2.1.49 - Info Disclosure

CVE-2024-38823 LOW

Salt's Request Server - Replay Attack

CVE-2024-12137 HIGH

Elfatek Elektronics ANKA JPD-00028 - Auth Bypass

CVE-2024-12839 HIGH

CGFIDO < 1.2.1 - Authentication Bypass via Device Signature Replay

CVE-2024-52534 MEDIUM

Dell ECS < 3.8.1.3 - Authentication Bypass by Capture-replay

CVE-2024-49595 HIGH

Dell Wyse Management Suite <4.4 - Auth Bypass

CVE-2024-36250 LOW

Mattermost <9.11.3-9.5.11 - Info Disclosure

CVE-2024-40715 HIGH

Veeam Backup & Replication Enterprise Manager - Auth Bypass

CVE-2024-22066 HIGH

ZTE ZXR10 ZSR V2 - Privilege Escalation

CVE-2024-46041 HIGH

IoT Haat Smart Plug IH-IN-16A-S <5.16.1 - Auth Bypass

CVE-2024-39081 MEDIUM

SMART TYRE CAR & BIKE <4.2.0 - SSRF

CVE-2024-43099 HIGH

DirectLogic H2-DM1E < 2.8.0 - Session Hijacking via Session Key Capture

CVE-2024-8260 MEDIUM

OPA for Windows <v0.68.0 - SMB Force-Authentication

CVE-2024-3982 HIGH

MicroSCADA X SYS600 10.0-10.6 - Session Hijacking via Session Logging

CVE-2024-45244 MEDIUM

Hyperledger Fabric <3.0.0, <2.5.10 - Info Disclosure

CVE-2024-38890 HIGH

Caterease 16.0.1.1663-24.0.1.2405 - Authentication Bypass by Capture-replay

CVE-2024-5249 MEDIUM

Akana API Platform <2024.1.0 - Info Disclosure

CVE-2024-38438 CRITICAL

D-Link - Auth Bypass

CVE-2024-37016 MEDIUM

Mengshen Wireless Door Alarm M70 - Auth Bypass

CVE-2024-38272 MEDIUM

Quick Share <1.0.1724.0 - Auth Bypass

CVE-2024-38284 HIGH

Motorola Solutions Vigilant Fixed LPR Coms Box < 3.1.171.9 - Authentication Bypass via Replay Attack

CVE-2024-34065 HIGH

Strapi < 4.24.2 - Unauthenticated Authentication Bypass via Open Redirect and Session Token Exposure

CVE-2024-4009 CRITICAL

ABB, Busch-Jaeger, FTS Display <1.00 & BCU <1.3.0.33 - Replay Attack

Previous Page 3 of 9 Next

Details

Vulnerabilities 219

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy