Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

CNNVD
CNNVDadded 2026/04/18 12:0 a.m.4 views

SP1 安全漏洞

SP1 is an open-source zero-knowledge virtual machine developed by Succinct. Versions 6.0.0 to 6.0.2 of SP1 contain security vulnerabilities. These vulnerabilities stem from defects in the recursive sharding verifier, which could allow malicious provers to construct invalid proofs...

8.9CVSS5.8AI score0.00011EPSS
Exploits0References2
Packet Storm News
Packet Storm Newsadded 2025/06/21 12:0 a.m.4 views

A Locally Differential Private Coding-Assisted Succinct Histogram Protocol

A succinct histogram captures frequent items and their frequencies across clients and has become increasingly important for large-scale, privacy-sensitive machine learning applications. To develop a rigorous framework to guarantee privacy for the succinct histogram problem, local differential...

6.4AI score
Exploits0
Github Security Blog
Github Security Blogadded 2025/01/15 9:25 p.m.15 views

SP1 has missing verifier checks and fiat-shamir observations

In SP1’s STARK verifier, the prover provided chipordering is used to fetch the index of the chips that have preprocessed columns. Prior to v4.0.0, the validation that this chipordering correctly provides these indexes was missing. In v4.0.0, this was fixed by adding a check that the indexed chip’...

7AI score
Exploits0References2Affected Software1
OSV
OSVadded 2024/10/29 3:37 p.m.4 views

GHSA-F77Q-R5QM-W4M8 sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic

The Gnark recursion circuit constrains arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. Proper implementation of this logic requires range checking Bn254 values to be less than the BabyBear modulus. In versions 1.2.0, functions like InvF and InvE used...

6.9CVSS7.1AI score
Exploits0References3
Github Security Blog
Github Security Blogadded 2024/10/29 3:37 p.m.8 views

sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic

The Gnark recursion circuit constrains arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. Proper implementation of this logic requires range checking Bn254 values to be less than the BabyBear modulus. In versions 1.2.0, functions like InvF and InvE used...

7.1AI score
Exploits0References3Affected Software1
OSV
OSVadded 2024/02/16 11:35 p.m.1 views

GHSA-77HH-43CM-V8J6 tuf's Metadata API: Targets.get_delegated_role() is missing input validation

The security of both a TUF client and repository implementations depend on the concept of trusted Metadata objects verifying the signatures over other Metadata that it delegates to. This verification process uses Targets.getdelegatedroledelegatedrole: str to find the delegation information...

5.9AI score
Exploits0References5
Rows per page
Query Builder