GHSA-FW7P-63QQ-7HPR filippo.io/edwards25519 MultiScalarMult produces invalid results or undefined behavior if receiver is not the identity

Point.MultiScalarMult failed to initialize its receiver. If the method was called on an initialized point that is not the identity point, MultiScalarMult produced an incorrect result. If the method was called on an uninitialized point, the behavior was undefined. In particular, if the receiver wa...

CVE-2021-47909

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

CVE-2021-47909 Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable ID Parameters

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

CVE-2021-47909

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

CVE-2021-47909 Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable ID Parameters

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

CVE-2021-47909

CVE-2021-47909 concerns Mult-E-Cart Ultimate 2.4, with multiple SQL injection flaws in the inventory, customer, vendor, and order modules. The underlying issue is injectable SQL via the vulnerable id parameter, which remote attackers with vendor/admin privileges could exploit to run arbitrary SQL...

EUVD-2021-34761

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

Mult-E-Cart Ultimate SQL注入漏洞

Mult-E-Cart Ultimate is an e-commerce platform script developed by the Indian company Mult-E-Cart. Version 2.4 of Mult-E-Cart Ultimate contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injection vulnerabilities present in the inventory, customer, supplier, and ord...

EUVD-2021-19533

Malware in sbrugna...

Malicious code in @zalastax/nolb-mult (npm)

The package @zalastax/nolb-mult was found to contain malicious code...

MAL-2025-12448 Malicious code in @zalastax/nolb-mult (npm)

The package @zalastax/nolb-mult was found to contain malicious code...

MAL-2025-12449 Malicious code in @zalastax/nolb-mult- (npm)

The package @zalastax/nolb-mult- was found to contain malicious code...

Malicious code in @zalastax/nolb-mult- (npm)

The package @zalastax/nolb-mult- was found to contain malicious code...

AZL-61780 CVE-2025-43962 affecting package LibRaw 0.21.3-1

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...

CVE-2025-43962

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...

UBUNTU-CVE-2025-43962

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...

Malicious code in mult-flow (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-5381 Malicious code in mult-flow (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Timing Attack

github.com/hashicorp/vault is vulnerable to Timing Attacks. The vulnerability exists in mult and div functions of shamir.go because of not implementing a constant time which allows an attacker to observe a large number of unseal operations on the host...

UBUNTU-CVE-2023-24532

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...