218 matches found
SUSE CVE-2026-42767
Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
RockyLinux 9 : openssl (RLSA-2026:25239)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25239 advisory. openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-7383 openssl: OpenSSL: Denial of Service due to...
CVE-2026-42770
Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...
ALPINE-CVE-2026-42767
Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
OpenSSL 3.0.0 < 3.0.21 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.21. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.21 advisory. - Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013082)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013082 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpicmpui During NVMeTCP Authentication a controller...
CVE-2026-6518
The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...
CVE-2026-6518 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution
The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...
Malicious code in paramount-cmp-html5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f49d119208d4541e1b4c557d446b21a7573c4649d3e8ab1116ff29d0c66b2da9 The package paramount-cmp-html5 was found to contain malicious code...
MAL-2026-1807 Malicious code in paramount-cmp-html5 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f49d119208d4541e1b4c557d446b21a7573c4649d3e8ab1116ff29d0c66b2da9 The package paramount-cmp-html5 was found to contain malicious code...
AZL-76389 CVE-2025-63656 affecting package fluent-bit 3.0.6-6
An out-of-bounds read in the headercmp function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...
MiracleLinux 8 : kernel-4.18.0-553.82.1.el8_10 (AXSA:2025-11082:86)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11082:86 advisory. kernel: wifi: mac80211: check S1G action frame size CVE-2023-53257 kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets...
CVE-2025-1666
The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the senduninstallsurvey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...
kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...
kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...
kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...
kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...
kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
A use after free vulnerbility exists in the linux kernel wifi module in the cmpbss function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system...