13 matches found
CVE-2026-46654 Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...
Plonky3 data forgery vulnerability
Plonky3 is an open-source implementation of the Polynomial IOP cryptographic primitive toolkit by Plonky3 developers. Versions of Plonky3 prior to 0.4.3 and 0.5.3 contained a data forgery vulnerability. This vulnerability allowed attackers to control the observations made by the prover, resulting...
req injection vulnerability
“req” is a simple Go HTTP client developed by a Roc individual using Black Magic. Versions of “req” from 0.5.3 to 0.6.0 had an injection vulnerability. This vulnerability stemmed from improper neutralization of CRLF sequences, which could lead to multipart parameter smuggling through parts of the...
@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @getnuvo/importer-react (>=3.3.0 <=3.6.2) +19 more potentially affected by CVE-2026-43898 via @nyariv/sandboxjs (>=0.5.3 <=0.8.36)
@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =3.3.0, =4.0.1, =0.0.12, =2.1.6, =2.1.6, =1.0.5, =1.0.6, =2.1.6, =2.1.6, =2.15.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-43898 Source advisory: SNYK:JS-NYARIVSANDBOXJS-16642341...
@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-34211 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)
@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-34211 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15909754...
@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25881 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)
@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25881 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15253532...
adbdgl-adapter (>=1.0.0 <=3.0.1), alignn (>=2021.9.29 <=2025.4.1) +95 more potentially affected by unknown CVE via dgl (>=0.5.3 <=2.2.1)
dgl PYPI version =0.5.3, =1.0.0, =2021.9.29, =2022.10.23, =0.0.4, =1.0.0, =1.0.0, =0.1.0, =1.0.21, =0.1.1, =1.0.0b3, =0.0.1, =0.2.0, =1.26.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3X5X-FW77-G54C...
adbdgl-adapter (>=1.0.0 <=3.0.1), alignn (>=2021.9.29 <=2025.4.1) +95 more potentially affected by unknown CVE via dgl (>=0.5.3 <=2.2.1)
dgl PYPI version =0.5.3, =1.0.0, =2021.9.29, =2022.10.23, =0.0.4, =1.0.0, =1.0.0, =0.1.0, =1.0.21, =0.1.1, =1.0.0b3, =0.0.1, =0.2.0, =1.26.2 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DGL-9295806...
PT-2025-3184 · Unknown · Photo Gallery
Name of the Vulnerable Software and Affected Versions: odPhotogallery versions 0.5.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected Cross-site Scripting (XSS). This means an attacker can inject malicious scripts...
PT-2022-27085 · Pwndoc · Pwndoc
Name of the Vulnerable Software and Affected Versions: PwnDoc versions 0.5.3 and earlier Description: The issue allows remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. Recommendations: For PwnDoc versions 0.5.3 and earlier, at t...
CVE-2020-15142
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...
w3m arbitrary code execution vulnerability (CNVD-2016-11721)
w3m is an open source text-based Web browser. A security vulnerability exists in versions of w3m prior to 0.5.3-31. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service...
w3m arbitrary code execution vulnerability (CNVD-2016-11723)
w3m is an open source text-based Web browser. An arbitrary code execution vulnerability exists in versions of w3m prior to 0.5.3-31. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service...