1171 matches found
FreeBSD : Erlang/OTP -- OCSP responder certificate accepted after expiry in public_key (9357d6fb-5a54-11f1-b886-4c526214c986)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9357d6fb-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff reports: Erlang/OTP's publickey...
FreeBSD : Erlang/OTP -- TLS hostname verification bypass via Subject CommonName fallback and name constraints (93576148-5a54-11f1-b886-4c526214c986)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 93576148-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 reports: Erlang/OTP's TLS hostnam...
CVE-2026-47272 pam_usb: OTP pad authentication bypass via missing system pad check and uninitialized RNG buffer
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusbpadcompare function in src/pad.c only verified that the user-side pad /.pamusb/device.pad could be read, but did not enforce that the system-side pad the pad file on the USB device was also...
EUVD-2026-32558
Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...
CVE-2026-42791
Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...
CVE-2026-42789
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...
DEBIAN-CVE-2026-42791
Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...
EUVD-2026-32272
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...
CVE-2026-42731
CVE-2026-42731 affects the WordPress plugin miniorange OTP verification (miniorange-otp-verification) up to and including version 5.4.9. Root cause: Incorrect Privilege Assignment leading to Privilege Escalation . Affected component: the plugin’s privilege handling; impact is described as high (c...
CVE-2026-42731 WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...
EUVD-2026-32084
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
CVE-2026-8760 Login with OTP <= 1.6 - Unauthenticated Authentication Bypass via OTP Brute Force
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
CVE-2026-8760 Login with OTP <= 1.6 - Unauthenticated Authentication Bypass via OTP Brute Force
The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to otplloginaction was placed only inside the OTP-generation branch and is never...
PT-2026-43643
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...
WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Peng Zhou in WordPress Plugin miniorange otp verification versions = 5.4.9...
Malicious code in celonix-otp-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df58532b5edb3f7a5ad9734a7f4fa46f062c0f220d578db42a223188d078d9bb The package presents itself as a React OTP component, but its only exported widget hardcodes a single Firebase Realtime Database URL...
MAL-2026-4509 Malicious code in celonix-otp-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df58532b5edb3f7a5ad9734a7f4fa46f062c0f220d578db42a223188d078d9bb The package presents itself as a React OTP component, but its only exported widget hardcodes a single Firebase Realtime Database URL...
CVE-2026-1816 OTP Bypass in TEİAŞ's Mobile Application
Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13...
CVE-2025-13477 OTP Bypass in Digital Operation Services' WifiBurada
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fixed an out-of-bounds access in otppackedelementt The value CS35L41NUMOTPELEM is 100, but only 99 entries are defined in the array otpmap1/2CS35L41NUMOTPELEM. This will trigger UBSAN to report a out-of-bounds...