EUVD-2023-50471

Malicious code in bioql PyPI...

EUVD-2024-35250

Malicious code in bioql PyPI...

EUVD-2025-23666

Malicious code in bioql PyPI...

VehiclePassport: a GAIA-X-Aligned, Blockchain-Anchored Privacy-Preserving, Zero-Knowledge Digital Passport for Smart Vehicles

Modern vehicles accumulate fragmented lifecycle records across OEMs, owners, and service centers that are difficult to verify and prone to fraud. We propose VehiclePassport, a GAIA-X-aligned digital passport anchored on blockchain with zero-knowledge proofs ZKPs for privacy-preserving verificatio...

CVE-2025-58157 gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm

gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been...

gnark 资源管理错误漏洞

gnark is a fast zk-SNARK library open-sourced by Consensys. for advanced APIs to design circuits. A resource management error vulnerability exists in gnark version 0.12.0, which stems from an improper calculation of the fake-GLV algorithm and could lead to a denial-of-service attack...

PT-2025-35319

Name of the Vulnerable Software and Affected Versions gnark versions prior to 0.13.0 Description gnark is a zero-knowledge proof system framework. A denial of service issue can occur when computing scalar multiplication using the fake-GLV algorithm in versions prior to 0.13.0. This is due to the...

CVE-2025-57801

gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...

CVE-2025-57801

CVE-2025-57801 affects gnark before 0.14.0, where Verify in eddsa.go and ecdsa.go did not enforce 0 ≤ S

CVE-2025-57801 gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks

gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...

PT-2025-34495

Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.14.0 Description: gnark is a zero-knowledge proof system framework. The Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S order, leading to a signature malleabili...

CVE-2025-54873

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed...

CVE-2025-54873

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed...

CVE-2025-54873 RISC Zero Underconstrained Vulnerability: Division

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed...

CVE-2025-54873

Summary (CVE-2025-54873) : RISC Zero’s zkVM platform and related circuit packages contain a bug in signed integer division that can produce multiple outputs for some inputs (only one valid) and causes division-by-zero results to be underconstrained. Affected versions are: risc0-zkvm 2.0.0–2.1.0; ...

Cryptographic Data Exchange for Nuclear Warheads

Nuclear arms control treaties have historically focused on strategic nuclear delivery systems, leaving nuclear warheads outside formal verification frameworks. This paper presents a cryptographic protocol for secure and verifiable warhead tracking, addressing challenges in nuclear warhead...

Towards Trustworthy AI: Secure Deepfake Detection Using CNNs and Zero-Knowledge Proofs

In the era of synthetic media, deepfake manipulations pose a significant threat to information integrity. To address this challenge, we propose TrustDefender, a two-stage framework comprising i a lightweight convolutional neural network CNN that detects deepfake imagery in real-time extended...

SmartphoneDemocracy: Privacy-Preserving E-Voting on Decentralized Infrastructure Using Novel European Identity

The digitization of democratic processes promises greater accessibility but presents challenges in terms of security, privacy, and verifiability. Existing electronic voting systems often rely on centralized architectures, creating single points of failure and forcing too much trust in authorities...

Quantum-Resilient Privacy Ledger (QRPL): a Sovereign Digital Currency for the Post-Quantum Era

The emergence of quantum computing presents profound challenges to existing cryptographic infrastructures, whilst the development of central bank digital currencies CBDCs has raised concerns regarding privacy preservation and excessive centralisation in digital payment systems. This paper propose...

CVE-2025-52884

RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...