
67 matches found

RedhatCVE
added 2026/05/04 8:21 p.m., 1 view

CVE-2026-7668

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...

CVSS 7.5, AI score 6.9, EPSS 0.00056
Exploits: 0, References: 1

NVD
added 2026/05/02 9:16 p.m., 5 views

CVE-2026-7668

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...

CVSS 7.5, EPSS 0.00056
Exploits: 0, References: 4

Vulnrichment
added 2026/05/02 8:0 p.m., 2 views

CVE-2026-7668 MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...

CVSS 7.5, AI score 6.9, EPSS 0.00056
Exploits: 0, References: 4

Cvelist
added 2026/05/02 8:0 p.m., 34 views

CVE-2026-7668 MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...

CVSS 7.5, EPSS 0.00056
Exploits: 0, References: 4

ATTACKERKB
added 2026/05/02 8:0 p.m., 5 views

CVE-2026-7668

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...

CVSS 7.5, AI score 6.9, EPSS 0.00056
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2026/05/02 8:0 p.m., 28 views

CVE-2026-7668

CVE-2026-7668 affects MikroTik RouterOS 6.49.8, specifically the SCEP Endpoint component, in nova/lib/www/scep.p. The root cause is out-of-bounds read in ASN1_STRING_data when manipulating transactionID/messageType, potentially allowing remote initiation. Public exploit code is noted, and disclos...

CVSS 7.5, AI score 6.9, EPSS 0.00056
Exploits: 0, References: 4

Snyk
added 2026/04/02 6:42 p.m., 0 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection in the Apple MDM profile delivery pipeline. An attacker can access or modify sensitive database contents, such as user credentials, API tokens, and device enrollment secrets, by sending a malicious UDID during the MDM...

CVSS 8.6, AI score 6.2, EPSS 0.00009
Exploits: 0, References: 3

Snyk
added 2026/03/19 10:45 p.m., 2 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication through the certificate issuance via SCEP UpdateReq MessageType=18. Note: Limited Disclosure — Full Details Pending. Full details of this vulnerability will be published smallstep/certificates security advisory o...

CVSS 10, AI score 5.8, EPSS 0.00011
Exploits: 0, References: 2

NVD
added 2026/03/19 9:17 p.m., 3 views

CVE-2026-30836

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

CVSS 10, EPSS 0.00011
Exploits: 0, References: 3

UbuntuCve
added 2026/03/19 9:17 p.m., 1 view

CVE-2026-30836

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

CVSS 10, AI score 6.2, EPSS 0.00011
Exploits: 0, References: 4

OSV
added 2025/12/17 4:16 p.m., 1 view

CVE-2025-44005

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...

CVSS 10, AI score 5.8
Exploits: 0, References: 3

CVE
added 2025/12/17 3:16 p.m., 23 views

CVE-2025-44005

The CVE describes an Authorization bypass in Smallstep Step CA where ACME or SCEP provisioners can create certificates without completing certain protocol authorization checks. Affected component: Step CA (ACME/SCEP provisioners). Root cause: bypass of authorization checks. Impact: potential issu...

CVSS 10, AI score 6.5, EPSS 0.00029
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/17 12:0 a.m., 3 views

FreeBSD : step-certificates -- Authorization Bypass in ACME and SCEP Provisioners (eca46635-db51-11f0-9b8d-40a6b7c3b3b8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eca46635-db51-11f0-9b8d-40a6b7c3b3b8 advisory. smallstep reports: An attacker can bypass authorization checks and force a Step CA ACME or SCEP...

CVSS 10, AI score 5.7, EPSS 0.00029
Exploits: 0, References: 3

CVE
added 2025/12/09 10:44 a.m., 4 views

CVE-2024-56838

CVE-2024-56838 affects Siemens RUGGEDCOM ROX II family (and ROX MX5000/ROX RX1400/1500/1510/1511/1512/1524/1536/ROX RX5000) with versions before 2.17.0. The SCEP client used for secure certificate enrollment fails to validate multiple fields, enabling an attacker to execute arbitrary code with ro...

CVSS 8.6, AI score 9.2, EPSS 0.00022
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2025/12/03 5:0 p.m., 1 view

GHSA-H8CP-697H-8C8P Step CA Has Authorization Bypass in ACME and SCEP Provisioners

Summary: A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with ACME and/or SCEP provisioners. All operators running these provisioners should upgrade to the latest release v0.29.0 immediately. The issue was discovered and disclosed by a...

CVSS 10, AI score 6.5, EPSS 0.00029
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2010-3846

Malware in sbrugna...

CVSS 5.8, AI score 6.2, EPSS 0.00277
Exploits: 0, References: 10

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-27276

Malware in sbrugna...

CVSS 4, AI score 4.2, EPSS 0.00096
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2010-3847

Malware in sbrugna...

CVSS 4, AI score 6.2, EPSS 0.00197
Exploits: 0, References: 10

RedhatCVE
added 2025/09/25 5:47 p.m., 2 views

CVE-2025-20293

A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server that is running on an affected device. This vulnerability is due...

CVSS 5.3, AI score 6.7, EPSS 0.00028
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 2:28 a.m., 3 views

CVE-2023-36754

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

CVSS 9.1, AI score 7.8, EPSS 0.0102
Exploits: 0, References: 1