CWE-294 · Authentication Bypass by Capture-replay
224 CVEs classified under CWE-294 (Authentication Bypass by Capture-replay). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-49752 | Critical | 10.0 | 2025-11-20 | Azure Bastion Elevation of Privilege Vulnerability |
| CVE-2026-32987 | Critical | 9.8 | 2026-03-29 | OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify… |
| CVE-2025-67135 | Critical | 9.8 | 2026-02-11 | Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack. |
| CVE-2025-65552 | Critical | 9.8 | 2026-01-12 | D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement roll… |
| CVE-2024-38438 | Critical | 9.8 | 2024-07-21 | D-Link - CWE-294: Authentication Bypass by Capture-replay |
| CVE-2023-47435 | Critical | 9.8 | 2024-04-19 | An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages. |
| CVE-2023-49231 | Critical | 9.8 | 2024-03-29 | An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token. |
| CVE-2023-30909 | Critical | 9.8 | 2023-09-14 | A remote authentication bypass issue exists in some OneView APIs. |
| CVE-2023-1537 | Critical | 9.8 | 2023-03-21 | Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6. |
| CVE-2023-23397 | Critical | 9.8 | 2023-03-14 | Microsoft Outlook Elevation of Privilege Vulnerability |
| CVE-2022-44457 | Critical | 9.8 | 2022-11-08 | A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 <… |
| CVE-2022-37011 | Critical | 9.8 | 2022-09-13 | A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), M… |
| CVE-2022-29334 | Critical | 9.8 | 2022-05-24 | An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. |
| CVE-2022-22806 | Critical | 9.8 | 2022-03-09 | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection i… |
| CVE-2020-35551 | Critical | 9.8 | 2020-12-18 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-chang… |
| CVE-2018-19025 | Critical | 9.8 | 2020-11-02 | In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to… |
| CVE-2018-17932 | Critical | 9.8 | 2020-11-02 | JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attac… |
| CVE-2019-18226 | Critical | 9.8 | 2019-10-31 | Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a p… |
| CVE-2018-7790 | Critical | 9.8 | 2018-08-29 | An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Th… |
| CVE-2017-3191 | Critical | 9.8 | 2017-12-16 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that… |