134 matches found
cggmp21 has a missing check in the ZK proof used in CGGMP21
Impact cggmp21 concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check However, cggmp21 recommends upgrading to...
GHSA-M95P-425X-X889 cggmp21 has a missing check in the ZK proof used in CGGMP21
Impact cggmp21 concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check However, cggmp21 recommends upgrading to...
CVE-2025-66016
CGGMP24 (ECDSA TSS) CVE-2025-66016 concerns a missing check in the ZK proof in CGGMP21 that could allow a single malicious signer to reconstruct the full private key. The issue is described across multiple sources: prior to version 0.6.3, the missing check enabled the attack; a patch exists in v0...
CVE-2025-66016 CGGMP24 is missing a check in the ZK proof used in CGGMP21
CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing requires 3 preprocessing rounds, identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full...
CVE-2025-66016 CGGMP24 is missing a check in the ZK proof used in CGGMP21
CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing requires 3 preprocessing rounds, identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full...
cggmp21 数据伪造问题漏洞
cggmp21 is a Rust library open-sourced by Lockness. A data forgery issue vulnerability exists in versions prior to cggmp21 0.6.3, which stems from a missing check in the ZK proof that could lead to a malicious signer reconstructing the full private key...
Missing check in ZK proof in CGGMP21 Threshold Signing Protocol
Vulnerability concerns a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, we recommend upgrading to cggmp24...
RUSTSEC-2025-0129 Missing check in ZK proof in CGGMP21 Threshold Signing Protocol
Vulnerability concerns a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, we recommend upgrading to cggmp24...
Missing check in ZK proof in CGGMP21 Threshold Signing Protocol
Vulnerability concerns a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, we recommend upgrading to cggmp24...
RUSTSEC-2025-0130 Missing check in ZK proof in CGGMP21 Threshold Signing Protocol
Vulnerability concerns a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, we recommend upgrading to cggmp24...
PT-2025-48044
Name of the Vulnerable Software and Affected Versions CGGMP24 versions prior to 0.6.3 CGGMP24 version 0.6.3 CGGMP24 versions 0.6.3 through 0.7.0-alpha.2 Description A missing check in the ZK proof allows a single malicious signer to reconstruct the full private key. The issue was addressed with a...
CVE-2025-64711
CVE-2025-64711 affects PrivateBin versions 1.7.7–2.0.3. A drag-and-drop filename containing HTML is rendered as HTML in the drag-and-drop helper, enabling self‑XSS in the victim’s session on macOS/Linux when file uploads are enabled. An attacker must entice the user to attach a maliciously named ...
CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...
ExPrESSO: Zero-Knowledge Backed Extensive Privacy Preserving Single Sign-On
User authentication is one of the most important aspects for secure communication between services and end-users over the Internet. Service providers leverage Single-Sign On SSO to make it easier for their users to authenticate themselves. However, standardized systems for SSO, such as OIDC, do n...
EUVD-2024-2765
Malicious code in bioql PyPI...
EUVD-2025-28663
Malicious code in bioql PyPI...
EUVD-2025-19064
Malicious code in bioql PyPI...
EUVD-2022-33901
Malicious code in bioql PyPI...
EUVD-2025-32056
Malicious code in bioql PyPI...
EUVD-2024-37397
Malicious code in bioql PyPI...