CWE-294 vulnerabilities

153 results
CVE-2025-56448 | MEDIUM | The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. The | EPSS 0.3%
CVE-2025-40807 | MEDIUM | A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to capture-replay | EPSS 0.3%
CVE-2026-30080 | HIGH | OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2 | EPSS 0.3%
CVE-2023-20123 | MEDIUM | Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon Offline Credentials Replay Vulnerability | EPSS 0.2%
CVE-2021-46835 | MEDIUM | There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hij | EPSS 0.2%
CVE-2025-36593 | HIGH | Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS | EPSS 0.2%
CVE-2026-55759 | HIGH | Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay | EPSS 0.2%
CVE-2026-49319 | MEDIUM | Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack | EPSS 0.2%
CVE-2024-12137 | HIGH | Authentication Bypass in Elfatek Elektronics' ANKA JPD-00028 | EPSS 0.2%
CVE-2025-68671 | MEDIUM | lakeFS is Missing Timestamp Validation in S3 Gateway Authentication | EPSS 0.2%
CVE-2023-50128 | MEDIUM | The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which | EPSS 0.2%
CVE-2025-47706 | MEDIUM | Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052 | EPSS 0.2%
CVE-2025-13777 | HIGH | Authentication Bypass due to Improper Session Validation | EPSS 0.2%
CVE-2023-50786 | MEDIUM | Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. T | EPSS 0.2%
CVE-2026-46538 | MEDIUM | Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection | EPSS 0.2%
CVE-2026-56130 | LOW | Apache Shiro: Remember-me cookie isn't checked for expiry on the server | EPSS 0.2%
CVE-2026-41000 | LOW | WSS4J validation does not use configured replay cache | EPSS 0.2%
CVE-2026-42602 | HIGH | azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay | EPSS 0.2%
CVE-2024-5249 | MEDIUM | SAML Replay in Akana | EPSS 0.2%
CVE-2025-48012 | MEDIUM | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-063 | EPSS 0.2%