CWE-294 (Authentication Bypass by Capture-replay) — Vulnerability Class 86

86 vulnerabilities classified as CWE-294 (Authentication Bypass by Capture-replay). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-41351 | OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via Base64 Signature Re-encoding — OpenClaw | 5.3 | Medium | 2026-04-23 |
| CVE-2026-35618 | OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification — OpenClaw | 6.5 | Medium | 2026-04-09 |
| CVE-2026-34209 | mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality — mppx | 7.5 | High | 2026-03-31 |
| CVE-2026-32987 | OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing — OpenClaw | 9.8 | Critical | 2026-03-29 |
| CVE-2026-27855 | Open-Xchange OX Dovecot Pro security vulnerability — OX Dovecot Pro | 6.8 | Medium | 2026-03-27 |
| CVE-2026-4583 | Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay — MPOS M6 PLUS | 5.0 | Medium | 2026-03-23 |
| CVE-2026-32053 | OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization — OpenClaw | 6.5 | Medium | 2026-03-21 |
| CVE-2026-28449 | OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression — OpenClaw | 6.5 | Medium | 2026-03-19 |
| CVE-2025-13777 | Authentication Bypass due to Improper Session Validation — AWIN GW100 rev.2 | 8.3 | High | 2026-03-13 |
| CVE-2026-30789 | RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks — RustDesk Client | 8.4 | - | 2026-03-05 |
| CVE-2026-1743 | DJI Mavic Mini/Air/Spark/Mini SE Enhanced Wi-Fi Pairing authentication replay — Mavic Mini | 3.1 | Low | 2026-02-02 |
| CVE-2025-68671 | lakeFS is Missing Timestamp Validation in S3 Gateway Authentication — lakeFS | 6.5 | Medium | 2026-01-15 |
| CVE-2025-40807 | Siemens Gridscale X Prepay security vulnerability — Gridscale X Prepay | 6.3 | Medium | 2025-12-09 |
| CVE-2025-49752 | Azure Bastion Elevation of Privilege Vulnerability — Azure Bastion Developer | 10.0 | Critical | 2025-11-20 |
| CVE-2011-20002 | Siemens SIMATIC S7-1200 CPU V1 family and Siemens SIMATIC S7-1200 CPU V2 family security vulnerability — SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) | 7.4 | High | 2025-10-14 |
| CVE-2025-35061 | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx — Project Center | 5.9 | Medium | 2025-10-09 |
| CVE-2025-35058 | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /UserWeb/Common/MarkupServices.ashx — Project Center | 5.9 | Medium | 2025-10-09 |
| CVE-2025-35057 | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /RemoteWeb/IntegrationServices.ashx — Project Center | 5.3 | Medium | 2025-10-09 |
| CVE-2025-54810 | Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by Capture-replay — In-Sight 2000 series | 8.0 | High | 2025-09-18 |
| CVE-2025-9100 | zhenfeng13 My-Blog Frontend Blog Article Comment comment authentication replay — My-Blog | 5.3 | Medium | 2025-08-18 |
| CVE-2025-8616 | Malicious browser plugins may cause Authentication replay attack vulnerability to bypass authentication in OpenText Advanced Authentication — Advanced Authentication | 9.8 (AI) | Critical (AI) | 2025-08-06 |
| CVE-2023-50786 | Dradis security vulnerability — Dradis | 4.1 | Medium | 2025-07-05 |
| CVE-2025-36593 | Dell OpenManage Network Integration security vulnerability — OpenManage Network Integration | 8.8 | High | 2025-06-30 |
| CVE-2025-6533 | xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay — novel-plus | 5.6 | Medium | 2025-06-24 |
| CVE-2025-48012 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-063 — One Time Password | 9.1 (AI) | Critical (AI) | 2025-05-21 |
| CVE-2025-47706 | Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052 — Enterprise MFA - TFA for Drupal | 9.8 (AI) | Critical (AI) | 2025-05-14 |
| CVE-2024-12137 | Authentication Bypass in Elfatek Elektronics' ANKA JPD-00028 — ANKA JPD-00028 | 7.6 | High | 2025-03-19 |
| CVE-2025-1887 | SMB forced authentication vulnerability in Sage 200 Spain — Sage 200 Spain | 4.9 | - | 2025-03-07 |
| CVE-2024-12839 | Changing Information Technology CGFIDO - Authentication Bypass — CGFIDO | 8.8 | High | 2024-12-31 |
| CVE-2024-52534 | Dell ECS security vulnerability — ECS | 5.4 | Medium | 2024-12-25 |

Vulnerabilities classified as CWE-294 (Authentication Bypass by Capture-replay) represent 86 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.