
7040 matches found

NVD
added 2025/09/17 9:15 p.m., 7 views

CVE-2025-59415

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...

CVSS 5.4, EPSS 0.00228
Exploits 0, References 2
CVE
added 2025/09/17 9:7 p.m., 14 views

CVE-2025-59415

CVE-2025-59415 affects Frappe Learning, versions 2.34.1 and earlier, where profile bio content wasn’t properly sanitized. This allows malicious SVGs to execute scripts in other users’ contexts, per multiple sources. The vulnerability arises from inadequate content sanitization in profile bios. Re...

CVSS 5.4, AI score 6.8, EPSS 0.00228
Exploits 0, References 2, Affected Software 1
Cvelist
added 2025/09/17 9:7 p.m., 9 views

CVE-2025-59415 Frappe Learning vulnerable to Malicious Content upload via Profile bio field

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...

CVSS 4.6, EPSS 0.00228
Exploits 0, References 2
Vulnrichment
added 2025/09/17 9:7 p.m., 3 views

CVE-2025-59415 Frappe Learning vulnerable to Malicious Content upload via Profile bio field

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...

CVSS 4.6, AI score 6.8, EPSS 0.00228
Exploits 0, References 2
OSV
added 2025/09/17 9:7 p.m., 13 views

CVE-2025-59415 Frappe Learning vulnerable to Malicious Content upload via Profile bio field

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...

CVSS 4.6, AI score 7.2, EPSS 0.00228
Exploits 0, References 4
Positive Technologies
added 2025/09/17 12:0 a.m., 5 views

PT-2025-38279

Name of the Vulnerable Software and Affected Versions: Frappe Learning versions 2.34.1 and below Description: Frappe Learning does not adequately sanitize content uploaded in the profile bio. This allows for the execution of arbitrary scripts in the context of other users through malicious SVG...

CVSS 4.6, AI score 6.6, EPSS 0.00228
Exploits 0, References 5
CNNVD
added 2025/09/17 12:0 a.m., 3 views

Frappe Learning Cross-Site Scripting Vulnerability

Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning version 2.34.1 and prior versions, which stems from not adequately cleaning up uploaded content in personal profiles, and could lead to ...

CVSS 5.4, AI score 6.1, EPSS 0.00228
Exploits 0, References 2
Packet Storm News
added 2025/09/17 12:0 a.m., 2 views

LLM Jailbreak Detection for (Almost) Free!

Large language models (LLMs) enhance security through alignment when widely used, but remain susceptible to jailbreak attacks capable of producing inappropriate content. Jailbreak detection methods show promise in mitigating jailbreak attacks through the assistance of other models or multiple model...

AI score 6.8
Exploits 0
Packet Storm News
added 2025/09/16 12:0 a.m., 6 views

Hierarchical Deep Fusion Framework for Multi-Dimensional Facial Forgery Detection - the 2024 Global Deepfake Image Detection Challenge

The proliferation of sophisticated deepfake technology poses significant challenges to digital security and authenticity. Detecting these forgeries, especially across a wide spectrum of manipulation techniques, requires robust and generalized models. This paper introduces the Hierarchical Deep...

AI score 6.8
Exploits 0
Packet Storm News
added 2025/09/15 12:0 a.m., 3 views

Time-Constrained Intelligent Adversaries for Automation Vulnerability Testing: a Multi-Robot Patrol Case Study

Simulating hostile attacks of physical autonomous systems can be a useful tool to examine their robustness to attack and inform vulnerability-aware design. In this work, we examine this through the lens of multi-robot patrol, by presenting a machine learning-based adversary model that observes...

AI score 6.8
Exploits 0
Packet Storm News
added 2025/09/15 12:0 a.m., 3 views

Anomaly Detection in Industrial Control Systems Based on Cross-Domain Representation Learning

Industrial control systems (ICSs) are widely used in industry, and their security and stability are very important. Once the ICS is attacked, it may cause serious damage. Therefore, it is very important to detect anomalies in ICSs. ICS can monitor and manage physical devices remotely using...

AI score 6.6
Exploits 0
Packet Storm News
added 2025/09/15 12:0 a.m., 4 views

An Unsupervised Learning Approach for a Reliable Profiling of Cyber Threat Actors Reported Globally Based on Complete Contextual Information of Cyber Attacks

Cyber attacks are rapidly increasing with the advancement of technology and there is no protection for our information. To prevent future cyberattacks it is critical to promptly recognize cyberattacks and establish strong defense mechanisms against them. To respond to cybersecurity threats...

AI score 6.8
Exploits 0
Packet Storm News
added 2025/09/15 12:0 a.m., 4 views

Cyber Threat Hunting: Non-Parametric Mining of Attack Patterns from Cyber Threat Intelligence for Precise Threats Attribution

With the ever-changing landscape of cyber threats, identifying their origin has become paramount, surpassing the simple task of attack classification. Cyber threat attribution gives security analysts the insights they need to devise effective threat mitigation strategies. Such strategies empower...

AI score 6.6
Exploits 0
Packet Storm News
added 2025/09/15 12:0 a.m., 4 views

Ensembling Large Language Models for Code Vulnerability Detection: an Empirical Evaluation

Code vulnerability detection is crucial for ensuring the security and reliability of modern software systems. Recently, Large Language Models (LLMs) have shown promising capabilities in this domain. However, notable discrepancies in detection results often arise when analyzing identical code segmen...

AI score 7.1
Exploits 0
Packet Storm News
added 2025/09/15 12:0 a.m., 3 views

Exploiting Timing Side-Channels in Quantum Circuits Simulation Via ML-Based Methods

As quantum computing advances, quantum circuit simulators serve as critical tools to bridge the current gap caused by limited quantum hardware availability. These simulators are typically deployed on cloud platforms, where users submit proprietary circuit designs for simulation. In this work, we...

AI score 6.7
Exploits 0
Gitee
added 2025/09/14 7:6 p.m., 84 views

browsersploit

This is an advanced browser exploit pack for internal and external pentesting, aiming to gain access to internal computers. The tool is not for script kiddies or non-advanced coders, as it contains bugs and is intended for experienced users. The pack includes various techniques to bypass antiviru...

AI score 6.8
Exploits 0
Packet Storm News
added 2025/09/14 12:0 a.m., 3 views

Weakly Supervised Vulnerability Localization Via Multiple Instance Learning

Software vulnerability detection has emerged as a significant concern in the field of software security recently, capturing the attention of numerous researchers and developers. Most previous approaches focus on coarse-grained vulnerability detection, such as at the function or file level. Howeve...

AI score 6.9
Exploits 0
Packet Storm News
added 2025/09/14 12:0 a.m., 9 views

Your Compiler Is Backdooring Your Model: Understanding and Exploiting Compilation Inconsistency Vulnerabilities in Deep Learning Compilers

Deep learning (DL) compilers are core infrastructure in modern DL systems, offering flexibility and scalability beyond vendor-specific libraries. This work uncovers a fundamental vulnerability in their design: can an official, unmodified compiler alter a model's semantics during compilation and...

AI score 6.8
Exploits 0
Gitee
added 2025/09/13 1:8 a.m., 121 views

Pikachu

This is a proof-of-concept (PoC) exploit for a vulnerable web application system called Pikachu. The system contains a variety of common web security vulnerabilities, including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), remote code execution (RCE), and more. The...

AI score 7.7
Exploits 0
Packet Storm News
added 2025/09/13 12:0 a.m., 3 views

Finding SSH Strict Key Exchange Violations by State Learning

SSH is an important protocol for secure remote shell access to servers on the Internet. At USENIX 2024, Bäumer et al. presented the Terrapin attack on SSH, which relies on the attacker injecting optional messages during the key exchange. To mitigate this attack, SSH vendors adopted an extension...

AI score 7.9
Exploits 0