CVE-2020-27374
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.
CVSS
7.5
Alto
EPSS
0.8%
p52
KEV
—
Exploit Today
16
0-100
Publicado: 7 abr 2022 · Última mod.: 9 jul 2026 · CWE-294
0.8%EPSS · 30 días0.9%
2026-06-302026-07-16
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.
- drtrust.inhttps://drtrust.in/collections/dr-trust-blood-pressure-testing/products/dr-trust-usa-icheck-connect-bp-monitor
- nvermaa.medium.comhttps://nvermaa.medium.com/cve-on-radio-technology-d-4b65efa1ba5c
- drtrust.inhttps://drtrust.in/collections/dr-trust-blood-pressure-testing/products/dr-trust-usa-icheck-connect-bp-monitor
- nvermaa.medium.comhttps://nvermaa.medium.com/cve-on-radio-technology-d-4b65efa1ba5c
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-118569.8 CRÍ60.9%
——18Successfully using libcurl to do a transfer to a specific HTTP origin
(`hostA`) with **Digest** authentication and then changing the origin to a
different one (`hostB`) for a second transfer, reusing the same handle, makes
libcurl wrongly pass on the `Authorization:` header field meant for `hostA`,
to `hostB`.9dCVE-2026-89279.1 CRÍ50.8%
——15When reusing a libcurl handle for sequential transfers driven by
environment-variable proxy configuration, libcurl fails to clear the proxy
authentication state between requests. Specifically, if the initial transfer
authenticates against `proxyA` using Digest auth, a subsequent transfer routed
through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended
solely for `proxyA`.9dCVE-2023-336215.9 MED49.5%
——15GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay.8dCVE-2025-262019.1 CRÍ41.4%
——12Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.12dCVE-2026-207797.1 ALT38.3%
——12Gitea versions from 1.5.0 before 1.26.3 have a TOTP single-use enforcement defect that allows a valid TOTP code to be accepted more than once across web two-factor authentication flows and the Basic Auth X-Gitea-OTP path.9dCVE-2026-262329.1 CRÍ30.1%
——9Gitea versions before 1.25.5 do not consistently enforce OAuth2 authorization code expiry and single-use behavior during token exchange.9d