Lucene search
K

45 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-37271

Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearb...

9.8CVSS0.00373EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.9 views

PT-2026-51076

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML token replay protection is inoperative because the DefaultTokenReplayCache.TryAdd function does not reject duplicate tokens when DetectReplayedTokens is enabled...

5.9CVSS5.9AI score0.00268EPSS
Exploits0References12
CVE
CVE
added 2026/05/28 4:47 a.m.41 views

CVE-2026-9802

Keycloak contains a vulnerability where, with revokeRefreshToken=true and persistent session storage, a server restart can reset internal timing mechanisms, enabling a remote attacker who has captured a user’s refresh token to replay it after revocation. This can grant unauthorized access to the ...

6.8CVSS5.7AI score0.00305EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.9 views

Besen BS20 EV Charging Station 安全漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The Besen BS20 EV Charging Station, including versions dated before April 2026, has a security vulnerability. This vulnerability stems from improper operation of...

3.1CVSS5.7AI score0.00294EPSS
Exploits0References5
NVD
NVD
added 2026/04/21 6:16 p.m.8 views

CVE-2026-41192

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in attachmentsall but omitted from retained lists are decrypted and passed directly to Attachment::deleteByIds. Because...

7.1CVSS0.00238EPSS
Exploits0References3
OSV
OSV
added 2026/03/29 3:11 p.m.4 views

GHSA-8MHJ-RFFC-RCVW mppx has Stripe charge credential replay via missing idempotency check

Impact The stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a ne...

6CVSS5.9AI score0.00494EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.6 views

PT-2026-28608

Impact The stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a ne...

6CVSS5.9AI score0.00494EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/21 3:31 a.m.4 views

EUVD-2026-13954

OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...

6.9CVSS5.8AI score0.00337EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/16 8:40 p.m.3 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management. An attacker can gain unauthorized privileges by replaying a valid setup code before approval, allowing escalation of pending device pairing scopes...

9.8CVSS5.9AI score0.00351EPSS
Exploits0References2
CVE
CVE
added 2025/10/14 9:14 a.m.9 views

CVE-2011-20002

Affected software/hardware: Siemens SIMATIC S7-1200 CPU V1/V2 families (incl. SIPLUS variants). Vulnerability: Capture-replay of engineering software communication that can allow an on-path attacker to replay legitimate commands to the controller. Root cause (from sources): Insecure handling of e...

8.3CVSS7.1AI score0.00297EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1161

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00528EPSS
Exploits0References9
Hacker One
Hacker One
added 2025/10/03 7:51 p.m.12 views

Lovable VDP: Low-privileged user can enable or disable Lovable AI for new projects in workspace

A vulnerability was discovered that allowed low-privileged users to enable or disable Lovable AI for new projects in a workspace. The vulnerability was caused by improper authorization, which enabled low-privileged users to modify the Lovable AI settings by replaying certain API endpoints...

6.9AI score
Exploits0
OSV
OSV
added 2025/07/16 9:15 a.m.4 views

ALPINE-CVE-2025-27465

Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional logic to set up an...

4.3CVSS6.7AI score0.00554EPSS
Exploits0References1
OSV
OSV
added 2025/07/16 9:15 a.m.5 views

CVE-2025-27465

Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional logic to set up an...

4.3CVSS6AI score
Exploits0References3
CVE
CVE
added 2025/07/16 9:8 a.m.56 views

CVE-2025-27465

CVE-2025-27465 affects the Xen hypervisor (x86) and relates to the exception handling for “flags recovery” in stubs during replayed instructions. The vulnerability arises from incorrect metadata/exception handling in the flags-recovery path, which can cause exceptions to be treated as fatal inste...

4.3CVSS6.3AI score0.00554EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2025/07/01 11:29 p.m.2 views

SUSE CVE-2025-27465

Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional logic to set up an...

7.1CVSS6.8AI score0.00554EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/03/17 3:17 a.m.3 views

xorg: xwayland: Use-after-free in PlayReleasedEvents()

A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free...

7.8CVSS5.7AI score0.00359EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/02/25 4:15 p.m.2 views

CVE-2025-26600

A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free...

7.8CVSS7AI score0.00359EPSS
Exploits0References18Affected Software17
CNNVD
CNNVD
added 2025/02/25 12:0 a.m.2 views

X.Org和Xwayland 资源管理错误漏洞

X.Org is an open source free software from the X.Org Foundation.Xwayland is an open source communication protocol from Xwayland that specifies how a display server communicates with its clients. A resource management error vulnerability exists in X.Org and Xwayland that stems from a device being...

7.8CVSS7.5AI score0.00359EPSS
Exploits0References3
OSV
OSV
added 2024/10/09 6:15 a.m.2 views

UBUNTU-CVE-2023-36325

i2p before 2.3.0 Java allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy it may be dropped, or may result in a Wrong...

3.7CVSS5.7AI score0.00474EPSS
Exploits0References4
Rows per page
Query Builder