28 matches found
Erlang/OTP 19.3 < 26.2.5.21 / 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 DNS nameConstraints Bypass (CVE-2026-42790)
The version of Erlang/OTP installed on the remote host is 19.3 prior to 26.2.5.21, 27.0 prior to 27.3.4.12, 28.0 prior to 28.5.0.1, or 29.0 prior to 29.0.1. It is, therefore, affected by a vulnerability: - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and...
EUVD-2015-2864
Malware in sbrugna...
EUVD-2024-34090
Malicious code in bioql PyPI...
Erlang/OTP (Erlang OTP) < 23.2.3 Privilege Escalation Vulnerability
Erlang/OTP (Erlang OTP) is prone to a local privilege escalation vulnerability in the erts component...
Linux Distros Unpatched Vulnerability : CVE-2022-37026
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations...
Security Bulletin: Erlang/OTP Vulnerability in KEX Init Handling May Lead to High Memory Usage
Summary: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters)...
Erlang/OTP 17.0 < 26.2.5.13 / 27.0 < 27.3.4.1 / 28.0 < 28.0.1 Path Traversal (CVE-2025-4748)
The version of Erlang/OTP installed on the remote host is 17.0 prior to 26.2.5.13, 27.0 prior to 27.3.4.1, or 28.0 prior to 28.0.1. It is, therefore, affected by a path traversal vulnerability: - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang...
Erlang/OTP 17.0 < 25.3.2.20 / 26.2 < 26.2.5.11 / 27.0 < 27.3.3 RCE (CVE-2025-32433)
The version of Erlang/OTP installed on the remote host is 17.0 prior to 25.3.2.20, 26.2 prior to 26.2.5.11, or 27.0 prior to 27.3.3. It is, therefore, affected by a remote code execution vulnerability where a serious vulnerability has been identified in the Erlang/OTP SSH server that may allow an...
Erlang/OTP (Erlang OTP) Path Traversal Vulnerability (Jun 2025)
Erlang/OTP (Erlang OTP) is prone to a restricted directory...
PT-2025-24632 · Undefined · Undefined
CISA has just added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Erlang OTP CVE-2024-39992, OpenSSH CVE-2024-39993, Roundcube Webmail CVE-2024-39994. These vulnerabilities are actively being exploited in the wild and must be patched by June 25, 2025, as per Binding...
PT-2025-23374 · WordPress · Psw Front-End Login & Registration
Name of the Vulnerable Software and Affected Versions: PSW Front-end Login & Registration plugin for WordPress versions up to, and including, 1.12 Description: The issue is related to Privilege Escalation due to a weak, low-entropy OTP mechanism used in the forget function. This allows...
CVE-2024-32868
ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...
CVE-2025-48372
Schule is open-source school management system software. The generateOTP function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations...
CVE-2025-48372 Schule Has Insecure OTP Length, is Susceptible to Brute-Force Attacks
Schule is open-source school management system software. The generateOTP function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations...
Erlang/OTP (Erlang OTP) DoS Vulnerability (Feb 2025) - Windows
Erlang/OTP (Erlang OTP) is prone to a denial of service (DoS) vulnerability in the SSH component...
Erlang/OTP (Erlang OTP) RCE Vulnerability (Apr 2025) - Linux
Erlang/OTP (Erlang OTP) is prone to a remote code execution (RCE) vulnerability in the SSH server component...
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS...
PT-2025-16905
Name of the Vulnerable Software and Affected Versions Erlang/OTP versions prior to 27.3.3 Erlang/OTP versions prior to 26.2.5.11 Erlang/OTP versions prior to 25.3.2.20 Description A critical flaw in the SSH server implementation of Erlang/OTP allows an unauthenticated remote attacker to achieve...
CVE-2025-30211
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names (64 characters) provided in K...
PT-2025-7604 · Ericsson +6 · Erlang/Otp +6
Name of the Vulnerable Software and Affected Versions: Erlang OTP versions prior to 25.3.2.18 Erlang OTP versions prior to 26.2.5.9 Erlang OTP versions prior to 27.2.4 Description: The issue arises from improper verification of packet size for SFTP packets. When multiple SSH packets are received,...