11221 matches found
VehiclePassport: a GAIA-X-Aligned, Blockchain-Anchored Privacy-Preserving, Zero-Knowledge Digital Passport for Smart Vehicles
Modern vehicles accumulate fragmented lifecycle records across OEMs, owners, and service centers that are difficult to verify and prone to fraud. We propose VehiclePassport, a GAIA-X-aligned digital passport anchored on blockchain with zero-knowledge proofs (ZKPs) for privacy-preserving verificatio...
MAL-2025-45156 Malicious code in meant-surface-knowledge (npm)
The package meant-surface-knowledge was found to contain malicious code...
MAL-2025-43630 Malicious code in blank-sum-knowledge (npm)
The package blank-sum-knowledge was found to contain malicious code...
WordPress Knowledge Base theme <= 2.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Knowledge Base versions <= 2.9...
CVE-2025-9685
A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to SQL injection. The attack can be executed...
CVE-2025-9686
A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in SQL injection. The attack is...
CVE-2025-9685
CVE-2025-9685 affects Portabilis i-Educar up to 2.10. The vulnerability is due to improper handling of the ID parameter in the /module/AreaConhecimento/view endpoint within the Listagem de áreas de conhecimento page, allowing remote SQL injection. Public exploit exists; risk includes potential un...
PT-2025-35354
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10, specifically within the /module/AreaConhecimento/view file of the Listagem de áreas de conhecimento Page component...
PT-2025-35355
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A security flaw has been discovered in Portabilis i-Educar. The issue affects processing of the file /module/AreaConhecimento/edit of the Listagem de áreas de conhecimento Page component...
CVE-2025-58157 gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm
gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been...
PT-2025-35319
Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.13.0 Description: gnark is a zero-knowledge proof system framework. A denial of service issue can occur when computing scalar multiplication using the fake-GLV algorithm in versions prior to 0.13.0. This is due to the...
gnark resource management error vulnerability
gnark is a fast zk-SNARK library open-sourced by Consensys, with advanced APIs to design circuits. A resource management error vulnerability exists in gnark version 0.12.0, which stems from an improper calculation of the fake-GLV algorithm and could lead to a denial-of-service attack...
CVE-2025-9594
A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complaininfo.php. The manipulation of the argument vid leads to SQL injection. The attack can be carried out remotely. The exploit has been...
graph-rag-poc
Graph RAG Pipeline - Proof of Concept A locally-executable Gr...
Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101
This module enables you to protect individual pages with a password. The module doesn't limit the number of password attempts, making it vulnerable to brute force attacks. This vulnerability is mitigated by the fact that an attacker must know the protected page's URL. CVSS risk score experimental...
MAL-2025-41302 Malicious code in knowledge-processor (npm)
Source: ossf-package-analysis 10486375c2c8f9c47bdb66e84e96db62dd623c210713201b53ebd516834bf3e6. The OpenSSF Package Analysis project identified 'knowledge-processor' @ 99.0.9 npm as malicious. It is considered malicious because: - The packa...