Total
181 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8616 | 2025-08-06 | N/A | ||
| A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on or before 6.5.0. | ||||
| CVE-2023-23397 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-30 | 9.8 Critical |
| Microsoft Outlook Elevation of Privilege Vulnerability | ||||
| CVE-2024-45244 | 1 Hyperledger | 1 Fabric | 2025-07-21 | 5.3 Medium |
| Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window. | ||||
| CVE-2023-50786 | 1 Dradisframework | 1 Dradis | 2025-07-13 | 4.1 Medium |
| Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network. | ||||
| CVE-2022-37660 | 1 Hostapd | 1 Hostapd | 2025-07-12 | 6.5 Medium |
| In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passively observing public keys, re-using the encrypting element Qi and subtracting it from the captured message M (X = M - Qi). This will result in the public ephemeral key X; the only element required to subvert the PKEX association. | ||||
| CVE-2025-1887 | 1 Sage | 1 Sage 200 Spain | 2025-07-12 | N/A |
| SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker. | ||||
| CVE-2024-40715 | 1 Veeam | 2 Backup \& Replication, Veeam Backup \& Replication | 2025-07-11 | N/A |
| A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. | ||||
| CVE-2024-29850 | 1 Veeam | 2 Backup Enterprise Manager, Veeam Backup \& Replication | 2025-07-03 | N/A |
| Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | ||||
| CVE-2024-29851 | 1 Veeam | 2 Backup Enterprise Manager, Veeam Backup \& Replication | 2025-07-03 | N/A |
| Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. | ||||
| CVE-2025-36593 | 2025-07-03 | 8.8 High | ||
| Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request. | ||||
| CVE-2024-12137 | 2025-06-27 | 7.6 High | ||
| Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: before V.01.01. | ||||
| CVE-2025-6533 | 2025-06-26 | 5.6 Medium | ||
| A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulation leads to authentication bypass by capture-replay. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-50128 | 1 Hozard | 1 Alarm System | 2025-06-20 | 5.3 Medium |
| The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state. | ||||
| CVE-2023-46892 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2025-06-17 | 8.8 High |
| The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature). | ||||
| CVE-2024-38823 | 2025-06-16 | 2.7 Low | ||
| Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport. | ||||
| CVE-2025-6030 | 2025-06-16 | N/A | ||
| Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador. | ||||
| CVE-2025-6029 | 2025-06-16 | N/A | ||
| Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacture is unknown at the time of release. CVE Record will be updated once this is clarified. | ||||
| CVE-2025-30072 | 1 Tiiwee | 2 Twx1hakv2, Twx1hakv2 Firmware | 2025-06-12 | 7.6 High |
| Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical Access to the protected facilities without triggering an alarm. | ||||
| CVE-2025-47706 | 1 Miniorange | 1 Miniorange 2fa | 2025-06-10 | 4.8 Medium |
| Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | ||||
| CVE-2025-48012 | 1 One Time Password Project | 1 One Time Password | 2025-06-10 | 4.8 Medium |
| Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0. | ||||