EUVD-2025-17610

Malicious code in bioql PyPI...

CVE-2025-54426 Polkadot Frontier contains silent failure in Curve25519 arithmetic precompiles with malformed points

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invali...

PT-2025-31151 · Unknown · Polkadot Frontier

Name of the Vulnerable Software and Affected Versions: Polkadot Frontier versions prior to commit 36f70d1 Description: Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristrett...

PT-2024-4784 · Microsoft · Windows Enroll Engine +1

Name of the Vulnerable Software and Affected Versions: Windows Enroll Engine affected versions not specified Description: The issue is related to errors in cryptographic signature verification in the Windows Enroll Engine component of Windows operating systems. This allows an attacker to bypass...

PT-2023-6933 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: Zoom affected versions not specified Description: The issue is related to cryptographic problems with In-Meeting Chat for some Zoom clients, which may allow a privileged user to disclose information via network access. This could potentially...

Advisory ROSA-SA-2023-2235

Software: libgit2 1.4.5 OS: ROSA-CHROME packageevrstring: libgit2-1.4.5-1.src.rpm CVE-ID: CVE-2023-22742 BDU-ID: 2023-00574 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libssh2 library of the C Libgit2 implementation of Git methods is related to cryptographic signature verification errors...

PT-2023-5774 · Acronis · Acronis Agent +1

Name of the Vulnerable Software and Affected Versions: Acronis Agent versions prior to build 30600 Acronis Cyber Protect 15 versions prior to build 35979 Description: The issue is related to errors in cryptographic signature verification, allowing for local privilege escalation due to the...

The vulnerability of the Google Chrome browser’s Network Internals interface allows attackers to gain unauthorized access to protected information.

The vulnerability of Google Chrome’s network internal interfaces is related to errors in cryptographic transformations. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Apache Hadoop distributed development and execution platform, related to errors in the implementation of cryptographic algorithms, allows attackers to disclose secret keys.

The vulnerability of the Apache Hadoop distributed development and execution platform is related to errors in the implementation of cryptographic algorithms for generating time stamps when the Kerberos security function is enabled. Exploiting this vulnerability can allow a malicious actor to obta...

The vulnerability of the Cisco AnyConnect Secure Mobility Client’s cryptographic protection allows a hacker to gain root user privileges.

The vulnerability of the Cisco AnyConnect Secure Mobility Client encryption method is related to errors in function processing. Exploiting this vulnerability can allow a local attacker to gain root user privileges using the vpnagent option...