Weaknesses of type CWE-294
153 results

CVE-2020-5300 | MEDIUM | Disallow replay of `private_key_jwt` by blacklisting JTIs in Hydra | EPSS 1.0%
CVE-2020-25660 | — | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients co | EPSS 1.0%
CVE-2022-29878 | HIGH | A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices use a limited range for challenges that are sent duri | EPSS 1.0%
CVE-2022-42731 | HIGH | mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a u | EPSS 1.0%
CVE-2020-14302 | — | A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak end | EPSS 1.0%
CVE-2020-4042 | MEDIUM | Authentication bypass in Bareos | EPSS 1.0%
CVE-2021-38459 | HIGH | AUVESY Versiondog | EPSS 1.0%
CVE-2023-2846 | HIGH | Authentication Bypass Vulnerability in MELSEC-F Series main module | EPSS 0.9%
CVE-2024-29851 | HIGH | Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. | EPSS 0.9%
CVE-2025-49752 | CRITICAL | Azure Bastion Elevation of Privilege Vulnerability | EPSS 0.9%
CVE-2023-1886 | HIGH | Authentication Bypass by Capture-replay in thorsten/phpmyfaq | EPSS 0.9%
CVE-2019-13533 | HIGH | In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the contr | EPSS 0.9%
CVE-2023-1537 | MEDIUM | Authentication Bypass by Capture-replay in answerdev/answer | EPSS 0.8%
CVE-2024-29850 | HIGH | Veeam Backup Enterprise Manager allows account takeover via NTLM relay. | EPSS 0.8%
CVE-2022-22936 | HIGH | An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible t | EPSS 0.8%
CVE-2021-27662 | HIGH | KT-1 Capture-replay | EPSS 0.8%
CVE-2023-6374 | MEDIUM | Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers a | EPSS 0.8%
CVE-2018-19023 | — | Hetronic Nova-M prior to version r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized r | EPSS 0.8%
CVE-2021-27289 | CRITICAL | A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = | EPSS 0.7%
CVE-2022-45914 | MEDIUM | The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 boa | EPSS 0.7%