53 matches found
EUVD-2026-26801
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1STRINGdata in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...
CVE-2026-30836
A flaw was found in Step CA, an online certificate authority. A remote attacker can exploit this vulnerability by sending an unauthenticated SCEP Simple Certificate Enrollment Protocol Update Request. This allows the attacker to issue unauthorized certificates, potentially leading to a compromise...
CVE-2026-30836 Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...
CVE-2026-30836 Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...
EUVD-2026-13200
step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq MessageType=18...
SUSE CVE-2025-44005
An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...
CVE-2025-44005
A flaw was found in the Automated Certificate Management Environment ACME and Simple Certificate Enrollment Protocol SCEP provisioner features of Step CA github.com/smallstep/certificates. This vulnerability allows an authorization bypass vulnerability in Step CA’s ACME and SCEP provisioners wher...
CVE-2024-56838
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...
EUVD-2024-55306
A vulnerability has been identified in RUGGEDCOM ROX II family All versions V2.17.0. The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user...
CVE-2024-56838
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...
PT-2025-49829
Name of the Vulnerable Software and Affected Versions RUGGEDCOM ROX II versions prior to 2.17.0 Description The SCEP client within the affected devices does not properly validate multiple fields during secure certificate enrollment. This could allow an attacker to execute arbitrary code with root...
GO-2025-4180 Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates
Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the deployments configured with ACME and SCEP provisioners. An attacker can gain unauthorized access to sensitive resources by bypassing authorization controls. Remediation Upgrade...
EUVD-2017-11563
Malware in sbrugna...
EUVD-2025-31027
Malicious code in bioql PyPI...
EUVD-2025-15133
Malicious code in bioql PyPI...
CVE-2025-20293
A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud 9800-CL could allow an unauthenticated, remote attacker to access the public-key infrastructure PKI server that is running on an affected device. This vulnerability is due...
CVE-2025-20293
A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud 9800-CL could allow an unauthenticated, remote attacker to access the public-key infrastructure PKI server that is running on an affected device. This vulnerability is due...
CVE-2025-20293
A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud 9800-CL could allow an unauthenticated, remote attacker to access the public-key infrastructure PKI server that is running on an affected device. This vulnerability is due...
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controller for Cloud Unauthenticated Access to Certificate Enrollment Service Vulnerability
A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud 9800-CL could allow an unauthenticated, remote attacker to access the public-key infrastructure PKI server that is running on an affected device. This vulnerability is due...