Linux Distros Unpatched Vulnerability : CVE-2024-3653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the...

CVE-2025-54699

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS.This issue affects Masteriyo - LMS: from n/a through = 1.18.3...

Activate Me!: Designing Efficient Activation Functions for Privacy-Preserving Machine Learning with Fully Homomorphic Encryption

The growing adoption of machine learning in sensitive areas such as healthcare and defense introduces significant privacy and security challenges. These domains demand robust data protection, as models depend on large volumes of sensitive information for both training and inference. Fully...

RMSL: Weakly-Supervised Insider Threat Detection with Robust Multi-Sphere Learning

Insider threat detection aims to identify malicious user behavior by analyzing logs that record user interactions. Due to the lack of fine-grained behavior-level annotations, detecting specific behavior-level anomalies within user behavior sequences is challenging. Unsupervised methods face high...

Machine Learning-Based AES Key Recovery Via Side-Channel Analysis on the ASCAD Dataset

Cryptographic algorithms like AES and RSA are widely used and they are mathematically robust and almost unbreakable but its implementation on physical devices often leak information through side channels, such as electromagnetic EM emissions, potentially compromising said theoretically secure...

Malicious code in sec-learning (npm)

The package sec-learning was found to contain malicious code...

MAL-2025-32873 Malicious code in sec-learning (npm)

The package sec-learning was found to contain malicious code...

CVE-2025-54699

CVE-2025-54699 is an XSS vulnerability in Masteriyo LMS Plugin for WordPress, caused by improper input neutralization during web page generation and enabling stored XSS on pages served to users. Affected range: Masteriyo LMS up to version 1.18.3 (inclusive). Exploitation details are not provided ...

CVE-2025-54699 WordPress Masteriyo - LMS Plugin plugin <= 1.18.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3...

REFN: a Reinforcement-Learning-From-Network Framework against 1-Day/N-Day Exploitations

The exploitation of 1 day or n day vulnerabilities poses severe threats to networked devices due to massive deployment scales and delayed patching average Mean Time To Patch exceeds 60 days. Existing defenses, including host based patching and network based filtering, are inadequate due to limite...

Code Vulnerability Detection across Different Programming Languages with AI Models

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do not work well at detecting the context-dependent bugs and...

Enhancing GraphQL Security by Detecting Malicious Queries Using Large Language Models, Sentence Transformers, and Convolutional Neural Networks

GraphQL's flexibility, while beneficial for efficient data fetching, introduces unique security vulnerabilities that traditional API security mechanisms often fail to address. Malicious GraphQL queries can exploit the language's dynamic nature, leading to denial-of-service attacks, data...

PT-2025-33251 · Unknown · Masteriyo - Lms

Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions through 1.18.3 Description: The software contains a Stored Cross-Site Scripting XSS flaw due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts into web...

MirGuard: Towards a Robust Provenance-Based Intrusion Detection System against Graph Manipulation Attacks

Learning-based Provenance-based Intrusion Detection Systems PIDSes have become essential tools for anomaly detection in host systems due to their ability to capture rich contextual and structural information, as well as their potential to detect unknown attacks. However, recent studies have shown...

A Hierarchical IDS for Zero-Day Attack Detection in Internet of Medical Things Networks

The Internet of Medical Things IoMT is driving a healthcare revolution but remains vulnerable to cyberattacks such as denial of service, ransomware, data hijacking, and spoofing. These networks comprise resource constrained, heterogeneous devices e.g., wearable sensors, smart pills, implantables,...

CVE-2025-6184 Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the getsubmittedassignments function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter an...

Explainable Ensemble Learning for Graph-Based Malware Detection

Malware detection in modern computing environments demands models that are not only accurate but also interpretable and robust to evasive techniques. Graph neural networks GNNs have shown promise in this domain by modeling rich structural dependencies in graph-based program representations such a...

Demystifying the Role of Rule-Based Detection in AI Systems for Windows Malware Detection

Malware detection increasingly relies on AI systems that integrate signature-based detection with machine learning. However, these components are typically developed and combined in isolation, missing opportunities to reduce data complexity and strengthen defenses against adversarial EXEmples,...

WordPress Tutor LMS Pro plugin <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection vulnerability

Authenticated Tutor Instructor+ SQL Injection vulnerability discovered by sergioframi in WordPress Plugin Tutor LMS Pro versions = 3.7.0...

Exploring Cross-Stage Adversarial Transferability in Class-Incremental Continual Learning

Class-incremental continual learning addresses catastrophic forgetting by enabling classification models to preserve knowledge of previously learned classes while acquiring new ones. However, the vulnerability of the models against adversarial attacks during this process has not been investigated...