Lucene search
K

1171 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.15 views

FreeBSD : Erlang/OTP -- OCSP responder certificate accepted after expiry in public_key (9357d6fb-5a54-11f1-b886-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9357d6fb-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff reports: Erlang/OTP's publickey...

6.3CVSS5.8AI score0.00316EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.10 views

FreeBSD : Erlang/OTP -- TLS hostname verification bypass via Subject CommonName fallback and name constraints (93576148-5a54-11f1-b886-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 93576148-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 reports: Erlang/OTP's TLS hostnam...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 8:6 p.m.48 views

CVE-2026-47272 pam_usb: OTP pad authentication bypass via missing system pad check and uninitialized RNG buffer

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusbpadcompare function in src/pad.c only verified that the user-side pad /.pamusb/device.pad could be read, but did not enforce that the system-side pad the pad file on the USB device was also...

7.1CVSS0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:9 p.m.11 views

EUVD-2026-32558

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

7.6CVSS5.8AI score0.00338EPSS
Exploits0References7
NVD
NVD
added 2026/05/27 2:16 p.m.13 views

CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

6.3CVSS0.00316EPSS
Exploits0References6
NVD
NVD
added 2026/05/27 2:16 p.m.14 views

CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

8CVSS0.00322EPSS
Exploits0References9
OSV
OSV
added 2026/05/27 2:16 p.m.9 views

DEBIAN-CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

3.7CVSS5.8AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 12:23 p.m.13 views

EUVD-2026-32272

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

7CVSS5.9AI score0.00322EPSS
Exploits0References6
CVE
CVE
added 2026/05/27 9:49 a.m.27 views

CVE-2026-42731

CVE-2026-42731 affects the WordPress plugin miniorange OTP verification (miniorange-otp-verification) up to and including version 5.4.9. Root cause: Incorrect Privilege Assignment leading to Privilege Escalation . Affected component: the plugin’s privilege handling; impact is described as high (c...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42731 WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 5:31 a.m.14 views

EUVD-2026-32084

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...

9.8CVSS7.2AI score0.00628EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.9 views

CVE-2026-8760 Login with OTP <= 1.6 - Unauthenticated Authentication Bypass via OTP Brute Force

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...

9.8CVSS5.7AI score0.00595EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.32 views

CVE-2026-8760 Login with OTP <= 1.6 - Unauthenticated Authentication Bypass via OTP Brute Force

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...

9.8CVSS0.00595EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43643

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/24 9:1 a.m.10 views

WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Peng Zhou in WordPress Plugin miniorange otp verification versions = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 3:51 p.m.14 views

Malicious code in celonix-otp-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df58532b5edb3f7a5ad9734a7f4fa46f062c0f220d578db42a223188d078d9bb The package presents itself as a React OTP component, but its only exported widget hardcodes a single Firebase Realtime Database URL...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/21 3:51 p.m.10 views

MAL-2026-4509 Malicious code in celonix-otp-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df58532b5edb3f7a5ad9734a7f4fa46f062c0f220d578db42a223188d078d9bb The package presents itself as a React OTP component, but its only exported widget hardcodes a single Firebase Realtime Database URL...

5.8AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/21 2:8 p.m.12 views

CVE-2026-1816 OTP Bypass in TEİAŞ's Mobile Application

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...

6.3CVSS5.8AI score0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 12:41 p.m.11 views

CVE-2025-13477 OTP Bypass in Digital Operation Services' WifiBurada

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fixed an out-of-bounds access in otppackedelementt The value CS35L41NUMOTPELEM is 100, but only 99 entries are defined in the array otpmap1/2CS35L41NUMOTPELEM. This will trigger UBSAN to report a out-of-bounds...

7.1CVSS6.5AI score0.00249EPSS
Exploits0References2
Rows per page
Query Builder