CVE-2025-57801
gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...
CVE-2025-57801
CVE-2025-57801 affects gnark before 0.14.0, where Verify in eddsa.go and ecdsa.go did not enforce 0 ≤ S
CVE-2025-57801 gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks
gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...
PT-2025-34495
Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.14.0 Description: gnark is a zero-knowledge proof system framework. The Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleabili...
WordPress PressApps Knowledge Base Contextual Sidebar Addon Plugin <= 4.2.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin PressApps Knowledge Base Contextual Sidebar Addon versions <= 4.2.1...
Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge
Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Standard Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel i...
CVE-2025-49400
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics Real Time Traffic allows Stored XSS. This issue affects WP Visitor Statistics Real Time Traffic: from n/a through 8.2...
Adaptive Anomaly Detection in Evolving Network Environments
Distribution shift, a change in the statistical properties of data over time, poses a critical challenge for deep learning anomaly detection systems. Existing anomaly detection systems often struggle to adapt to these shifts. Specifically, systems based on supervised learning require costly manua...
CKM-Assisted Physical-Layer Security for Resilience against Unknown Eavesdropping Location
Channel Knowledge Map (CKM) is an emerging data-driven toolbox that captures our awareness of the wireless channel and enables efficient communication and resource allocation beyond the state of the art. In this work, we consider CKM for improving physical-layer security (PLS) in the presence of a...
PostgreSQL and PgBouncer Sizing and Configuration Guide
Challenge Jobs or tasks in Veeam Backup for Microsoft 365 fail with the error: Error: EFCoreLogging: An error occurred using the connection to database 'cache2331ace3-eff1-4ebb-b328-0cb948b2f5c5' on server 'tcp://vb365.domain.tld:6432'. Cause These connection errors can occur in larger environmen...
Consiglieres in the Shadow: Understanding the Use of Uncensored Large Language Models in Cybercrimes
The advancement of AI technologies, particularly Large Language Models (LLMs), has transformed computing while introducing new security and privacy risks. Prior research shows that cybercriminals are increasingly leveraging uncensored LLMs (ULLMs) as backends for malicious services. Understanding the...
Adversarial Attacks on VQA-NLE: Exposing and Alleviating Inconsistencies in Visual Question Answering Explanations
Natural language explanations in visual question answering (VQA-NLE) aim to make black-box models more transparent by elucidating their decision-making processes. However, we find that existing VQA-NLE systems can produce inconsistent explanations and reach conclusions without genuinely understandi...
CryptoScope: Utilizing Large Language Models for Automated Cryptographic Logic Vulnerability Detection
Cryptographic algorithms are fundamental to modern security, yet their implementations frequently harbor subtle logic flaws that are hard to detect. We introduce CryptoScope, a novel framework for automated cryptographic vulnerability detection powered by Large Language Models (LLMs). CryptoScope...
MAL-2025-32644 Malicious code in salesforce-knowledge (npm)
The package salesforce-knowledge was found to contain malicious code...
Malicious code in salesforce-knowledge (npm)
The package salesforce-knowledge was found to contain malicious code...
Microsoft Windows Multiple Vulnerabilities (KB5063709)
This host is missing an important security update according to Microsoft KB5063709. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft PowerPoint 2016 RCE Vulnerability (KB5002765)
This host is missing an important security update according to Microsoft KB5002765...
Microsoft Windows Multiple Vulnerabilities (KB5063877)
This host is missing an important security update according to Microsoft KB5063877...
Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096
This module enables users to set up two-factor authentication (2FA) using authenticator apps for enhanced login security. The module alters the standard Drupal login form to use AJAX callbacks for handling authentication flow. The module doesn't sufficiently validate authentication under specific...
Microsoft Windows Multiple Vulnerabilities (KB5063889)
This host is missing a critical security update according to Microsoft KB5063889...