11221 matches found

RedhatCVE
added 2025/08/08 12:29 a.m. · 16 views

CVE-2025-54873

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed...

CVSS 6.9 · AI score 6.4 · EPSS 0.00416
Exploits: 0 · References: 1
Positive Technologies
added 2025/08/08 12:0 a.m. · 3 views

PT-2025-113: Stored XSS in FreeScout

The vulnerability was identified in FreeScout, versions 1.8.182. The discovered vulnerability allows an attacker to embed malicious HTML and JavaScript into content generated by FreeScout, causing script execution in the user’s browser. Vulnerability status: Confirmed by vendor Date of...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/08 12:0 a.m. · 4 views

PT-2025-111: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to exploit incorrect authorization, obtaining information or functions beyond their privileges. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 08.08.2025...

AI score 5.8
Exploits: 0 · References: 2
RedhatCVE
added 2025/08/07 12:31 a.m. · 9 views

CVE-2025-53544

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. In versions below 0.97.0, a brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login...

CVSS 7.5 · AI score 6.6 · EPSS 0.00423
Exploits: 0 · References: 1
NVD
added 2025/08/06 12:15 a.m. · 3 views

CVE-2025-54873

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed...

CVSS 6.9 · EPSS 0.00416
Exploits: 0 · References: 3
Vulnrichment
added 2025/08/05 11:35 p.m. · 4 views

CVE-2025-54873 RISC Zero Underconstrained Vulnerability: Division

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed...

CVSS 6.9 · AI score 6.5 · EPSS 0.00416
Exploits: 0 · References: 3
CVE
added 2025/08/05 11:35 p.m. · 18 views

CVE-2025-54873

Summary (CVE-2025-54873): RISC Zero’s zkVM platform and related circuit packages contain a bug in signed integer division that can produce multiple outputs for some inputs (only one valid) and causes division-by-zero results to be underconstrained. Affected versions are: risc0-zkvm 2.0.0–2.1.0; ...

CVSS 6.9 · AI score 6.5 · EPSS 0.00416
Exploits: 0 · References: 3
BDU FSTEC
added 2025/08/05 12:0 a.m. · 1 views

The vulnerability of the wiki system’s function in the Atlassian Confluence platform allows attackers to carry out phishing attacks.

The vulnerability of the wiki system’s function for creating a unified knowledge base in Atlassian Confluence is related to the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a malicious actor, operating remotely, to carry out phishing attacks by sending GET...

CVSS 5 · AI score 5.5
Exploits: 0 · Affected Software: 1
Packet Storm News
added 2025/08/03 12:0 a.m. · 2 views

DUP: Detection-Guided Unlearning for Backdoor Purification in Language Models

As backdoor attacks become more stealthy and robust, they reveal critical weaknesses in current defense strategies: detection methods often rely on coarse-grained feature statistics, and purification methods typically require full retraining or additional clean models. To address these challenges...

AI score 7.2
Exploits: 0
Packet Storm News
added 2025/07/30 12:0 a.m. · 3 views

Resource-Efficient Automatic Software Vulnerability Assessment Via Knowledge Distillation and Particle Swarm Optimization

The increasing complexity of software systems has led to a surge in cybersecurity vulnerabilities, necessitating efficient and scalable solutions for vulnerability assessment. However, the deployment of large pre-trained models in real-world scenarios is hindered by their substantial computationa...

AI score 6.7
Exploits: 0
Packet Storm News
added 2025/07/28 12:0 a.m. · 2 views

Program Analysis for High-Value Smart Contract Vulnerabilities: Techniques and Insights

A widespread belief in the blockchain security community is that automated techniques are only good for detecting shallow bugs, typically of small value. In this paper, we present the techniques and insights that have led us to repeatable success in automatically discovering high-value smart...

AI score 7.3
Exploits: 0
Packet Storm News
added 2025/07/26 12:0 a.m. · 2 views

Cryptographic Data Exchange for Nuclear Warheads

Nuclear arms control treaties have historically focused on strategic nuclear delivery systems, leaving nuclear warheads outside formal verification frameworks. This paper presents a cryptographic protocol for secure and verifiable warhead tracking, addressing challenges in nuclear warhead...

AI score 6.6
Exploits: 0
Packet Storm News
added 2025/07/22 12:0 a.m. · 4 views

Towards Trustworthy AI: Secure Deepfake Detection Using CNNs and Zero-Knowledge Proofs

In the era of synthetic media, deepfake manipulations pose a significant threat to information integrity. To address this challenge, we propose TrustDefender, a two-stage framework comprising (i) a lightweight convolutional neural network (CNN) that detects deepfake imagery in real-time extended...

AI score 6.6
Exploits: 0
Packet Storm News
added 2025/07/21 12:0 a.m. · 2 views

PiMRef: Detecting and Explaining Ever-Evolving Spear Phishing Emails with Knowledge Base Invariants

Phishing emails are a critical component of the cybercrime kill chain due to their wide reach and low cost. Their ever-evolving nature renders traditional rule-based and feature-engineered detectors ineffective in the ongoing arms race between attackers and defenders. The rise of large language...

AI score 6.8
Exploits: 0
NVD
added 2025/07/18 2:15 a.m. · 2 views

CVE-2025-7431

The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin slug setting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 4.4 · EPSS 0.00192
Exploits: 0 · References: 2
CNNVD
added 2025/07/18 12:0 a.m. · 2 views

WordPress plugin Knowledge Base Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 4.4 · AI score 5.7 · EPSS 0.00192
Exploits: 0 · References: 3
Positive Technologies
added 2025/07/18 12:0 a.m. · 4 views

PT-2025-29985 · WordPress · Wp Knowledgebase

Name of the Vulnerable Software and Affected Versions: Knowledge Base plugin for WordPress versions prior to 2.3.2 Description: The Knowledge Base plugin for WordPress is susceptible to Stored Cross-Site Scripting via the plugin slug setting due to insufficient input sanitization and output...

CVSS 4.4 · AI score 5.7 · EPSS 0.00192
Exploits: 0 · References: 9
CNNVD
added 2025/07/17 12:0 a.m. · 2 views

MaxKB Code Injection Vulnerability

MaxKB is a 1Panel-dev open source knowledge base question and answer system based on a large language model and RAG. A code injection vulnerability exists in MaxKB versions prior to 2.0.0, which stems from the fact that sandbox design rules can be bypassed, potentially leading to a...

CVSS 6.3 · AI score 7.3 · EPSS 0.00176
Exploits: 1 · References: 2
Packet Storm News
added 2025/07/14 12:0 a.m. · 2 views

Questionnaire Mate 2.0

Questionnaire Mate is a cool script that lets you read in a list of questions and uses OpenAI to answer them based on a private knowledge base. Useful for a less informed individual to feed AI audit questions and extract proper answers...

AI score 6.9
Exploits: 0
Packet Storm News
added 2025/07/12 12:0 a.m. · 2 views

SmartphoneDemocracy: Privacy-Preserving E-Voting on Decentralized Infrastructure Using Novel European Identity

The digitization of democratic processes promises greater accessibility but presents challenges in terms of security, privacy, and verifiability. Existing electronic voting systems often rely on centralized architectures, creating single points of failure and forcing too much trust in authorities...

AI score 6.9
Exploits: 0