7040 matches found

Packet Storm News
added 2025/09/21 12:0 a.m. | 13 views

LLaVul: a Multimodal LLM for Interpretable Vulnerability Reasoning about Source Code

Increasing complexity in software systems places a growing demand on reasoning tools that unlock vulnerabilities manifest in source code. Many current approaches focus on vulnerability analysis as a classifying task, oversimplifying the nuanced and context-dependent real-world scenarios. Even...

7 AI score
Exploits 0
Packet Storm News
added 2025/09/21 12:0 a.m. | 18 views

Temporal Logic-Based Multi-Vehicle Backdoor Attacks against Offline RL Agents in End-To-End Autonomous Driving

Assessing the safety of autonomous driving (AD) systems against security threats, particularly backdoor attacks, is a stepping stone for real-world deployment. However, existing works mainly focus on pixel-level triggers that are impractical to deploy in the real world. We address this gap by...

7.2 AI score
Exploits 0
RedhatCVE
added 2025/09/20 2:33 p.m. | 13 views

CVE-2025-10671

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...

6.3 CVSS | 6.2 AI score | 0.00401 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/09/19 9:26 p.m. | 12 views

CVE-2025-59415

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...

4.6 CVSS | 7.2 AI score | 0.00228 EPSS
Exploits 0 | References 1
OSV
added 2025/09/19 4:15 p.m. | 2 views

AZL-72343 CVE-2025-39851 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object VXLAN FDB entries can point to either a remote destination or an FDB nexthop group. The latter is usually used in EVPN deployments where learning is disabled...

5.5 CVSS | 5.6 AI score | 0.00145 EPSS
Exploits 0 | References 1
OSV
added 2025/09/19 4:15 p.m. | 1 views

UBUNTU-CVE-2025-39851

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object VXLAN FDB entries can point to either a remote destination or an FDB nexthop group. The latter is usually used in EVPN deployments where learning is disabled...

5.5 CVSS | 5.9 AI score | 0.00145 EPSS
Exploits 0 | References 16
Cvelist
added 2025/09/19 3:26 p.m. | 6 views

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object VXLAN FDB entries can point to either a remote destination or an FDB nexthop group. The latter is usually used in EVPN deployments where learning is disabled...

0.00145 EPSS
Exploits 0 | References 3
Packet Storm News
added 2025/09/19 12:0 a.m. | 3 views

Inference Attacks on Encrypted Online Voting Via Traffic Analysis

Online voting enables individuals to participate in elections remotely, offering greater efficiency and accessibility in both governmental and organizational settings. As this method gains popularity, ensuring the security of online voting systems becomes increasingly vital, as the systems...

6.5 AI score
Exploits 0
Packet Storm News
added 2025/09/19 12:0 a.m. | 5 views

Automated Cyber Defense with Generalizable Graph-Based Reinforcement Learning Agents

Deep reinforcement learning (RL) is emerging as a viable strategy for automated cyber defense (ACD). The traditional RL approach represents networks as a list of computers in various states of safety or threat. Unfortunately, these models are forced to overfit to specific network topologies, renderin...

7.1 AI score
Exploits 0
Tenable Nessus
added 2025/09/19 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-39851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object VXLAN FDB entries can point to either a remote destination or an FDB nexthop group. The latter...

5.5 CVSS | 6.1 AI score | 0.00145 EPSS
Exploits 0 | References 4
NVD
added 2025/09/18 6:15 p.m. | 2 views

CVE-2025-10687

A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/addteacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and coul...

9.8 CVSS | 0.00441 EPSS
Exploits 1 | References 5
Cvelist
added 2025/09/18 5:32 p.m. | 11 views

CVE-2025-10687 SourceCodester Responsive E-Learning System add_teacher.php sql injection

A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/addteacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and coul...

7.5 CVSS | 0.00441 EPSS
Exploits 1 | References 5
Vulnrichment
added 2025/09/18 5:32 p.m. | 5 views

CVE-2025-10687 SourceCodester Responsive E-Learning System add_teacher.php sql injection

A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/addteacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and coul...

7.5 CVSS | 7.2 AI score | 0.00441 EPSS
Exploits 1 | References 5
CVE
added 2025/09/18 2:32 p.m. | 12 views

CVE-2025-10671

CVE-2025-10671 concerns youth-is-as-pale-as-poetry e-learning 1.0, specifically the JWT Token Handler’s JwtUtils.encryptSecret. Multiple connected sources confirm the vulnerability is due to insufficiently random values generated by encryptSecret, which can be exploited remotely. The issue affect...

6.3 CVSS | 4.5 AI score | 0.00401 EPSS
Exploits 0 | References 4
Cvelist
added 2025/09/18 2:32 p.m. | 11 views

CVE-2025-10671 youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...

6.3 CVSS | 0.00401 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/09/18 2:32 p.m. | 3 views

CVE-2025-10671 youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...

6.3 CVSS | 4.2 AI score | 0.00401 EPSS
Exploits 0 | References 4
CNNVD
added 2025/09/18 12:0 a.m. | 2 views

e-learning Security Feature Issue Vulnerability

e-learning is an exam system for youth-is-as-pale-as-poetry individual developers. A security feature issue vulnerability exists in e-learning version 1.0, which stems from insufficient generation of random values by the encryptSecret function in the JwtUtils.java file in the JWT Token Handler...

6.3 CVSS | 4.8 AI score | 0.00401 EPSS
Exploits 0 | References 4
Packet Storm News
added 2025/09/18 12:0 a.m. | 4 views

Hybrid Deep Learning-Federated Learning Powered Intrusion Detection System for IoT/5G Advanced Edge Computing Network

The exponential expansion of IoT and 5G-Advanced applications has enlarged the attack surface for DDoS, malware, and zero-day intrusions. We propose an intrusion detection system that fuses a convolutional neural network (CNN), a bidirectional LSTM (BiLSTM), and an autoencoder (AE) bottleneck within a...

6.5 AI score
Exploits 0
Positive Technologies
added 2025/09/18 12:0 a.m. | 3 views

PT-2025-38472

Name of the Vulnerable Software and Affected Versions: SourceCodester Responsive E-Learning System version 1.0. Description: A SQL injection issue exists in SourceCodester Responsive E-Learning System 1.0. The Username parameter in the /admin/add teacher.php file is susceptible to manipulation,...

9.8 CVSS | 7.7 AI score | 0.00441 EPSS
Exploits 1 | References 10
Positive Technologies
added 2025/09/18 12:0 a.m. | 3 views

PT-2025-38404

Name of the Vulnerable Software and Affected Versions: youth-is-as-pale-as-poetry e-learning version 1.0. Description: A vulnerability exists due to insufficiently random values generated by the encryptSecret function within the JWT Token Handler component. The vulnerable file is...

6.3 CVSS | 4.4 AI score | 0.00401 EPSS
Exploits 0 | References 6