
7041 matches found

BDU FSTEC
added 2025/06/18 12:0 a.m. · 3 views

The vulnerability of the OpenID authentication module of the Chamilo LMS system, related to the lack of verification of the validity of XML objects’ sequences, allows attackers to execute arbitrary SQL queries.

The vulnerability of the OpenID authentication module in the Chamilo LMS system relates to the lack of verification of the authenticity of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 9.4 · AI score 6 · EPSS 0.00587
Exploits: 1 · References: 4 · Affected Software: 1

BDU FSTEC
added 2025/06/18 12:0 a.m. · 2 views

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of measures to neutralize special elements used within the operating system, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary SQL...

CVSS 8.7 · AI score 6 · EPSS 0.02603
Exploits: 1 · References: 4 · Affected Software: 1

BDU FSTEC
added 2025/06/18 12:0 a.m. · 6 views

The vulnerability of the Chamilo LMS electronic learning and content management system, related to deficiencies in the deserialization mechanism used by the operating system, allows attackers to create arbitrary classes.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, is related to deficiencies in the deserialization mechanisms used in the operating system. Exploiting this vulnerability could allow an attacker to create arbitrary classes...

CVSS 9 · AI score 5.7 · EPSS 0.00344
Exploits: 1 · References: 6 · Affected Software: 1

BDU FSTEC
added 2025/06/18 12:0 a.m. · 3 views

The vulnerability of the vChamilo plugin of the eLearning and content management system Chamilo LMS lies in the lack of verification of the validity of XML objects’ sequences. This allows attackers to execute arbitrary SQL queries.

The vulnerability of the vChamilo plugin in the Chamilo LMS system is related to the lack of verification for the validity of XML objects’ sequences. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 8.5 · AI score 5.9 · EPSS 0.00708
Exploits: 1 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/06/15 2:57 p.m. · 4 views

CVE-2025-6029

Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacture is unknown at the time of release. CVE Record...

CVSS 9.4 · AI score 9.4 · EPSS 0.00642
Exploits: 0 · References: 1

NVD
added 2025/06/13 3:15 p.m. · 8 views

CVE-2025-6029

Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacture is unknown at the time of release. CVE Record...

CVSS 9.4 · EPSS 0.00642
Exploits: 0 · References: 2

Cvelist
added 2025/06/13 2:38 p.m. · 13 views

CVE-2025-6030 Autoeastern Smart Keyless Entry System Replay Attack

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador...

CVSS 9.4 · EPSS 0.00201
Exploits: 0 · References: 2

Vulnrichment
added 2025/06/13 2:38 p.m. · 7 views

CVE-2025-6030 Autoeastern Smart Keyless Entry System Replay Attack

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador...

CVSS 9.4 · AI score 6.7 · EPSS 0.00201
Exploits: 0 · References: 2

CVE
added 2025/06/13 2:25 p.m. · 51 views

CVE-2025-6029

CVE-2025-6029 describes a replay-attack vulnerability in a KIA-branded Aftermarket Generic Smart Keyless Entry System. The root cause is the use of fixed learning codes in the Key Fob Transmitter, enabling unauthorized lock/unlock actions. Public descriptions (NVD/Red Hat/CVE lists) specify a rep...

CVSS 9.4 · AI score 6.7 · EPSS 0.00642
Exploits: 0 · References: 2

Vulnrichment
added 2025/06/13 2:25 p.m. · 12 views

CVE-2025-6029 KIA-branded Aftermarket Generic Smart Keyless Entry System Replay Attack

Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacture is unknown at the time of release. CVE Record...

CVSS 9.4 · AI score 6.7 · EPSS 0.00642
Exploits: 0 · References: 2

CNNVD
added 2025/06/13 12:0 a.m. · 3 views

Autoeastern Cyclone Matrix TRF Security Vulnerability

Autoeastern Cyclone Matrix TRF is an automotive smart door lock system from Autoeastern Ecuador. A security vulnerability exists in the Autoeastern Cyclone Matrix TRF that stems from the use of fixed learning code that could lead to replay attacks...

CVSS 9.4 · AI score 6.8 · EPSS 0.00201
Exploits: 0 · References: 3

CNNVD
added 2025/06/13 12:0 a.m. · 0 views

KIA Aftermarket Generic Smart Keyless Entry System Security Vulnerability

KIA Aftermarket Generic Smart Keyless Entry System is an automotive smart door locking system from KIA, a South Korean company. A security vulnerability exists in the KIA Aftermarket Generic Smart Keyless Entry System that stems from the use of fixed learning code, which could lead to replay...

CVSS 9.4 · AI score 6.7 · EPSS 0.00642
Exploits: 0 · References: 3

Packet Storm News
added 2025/06/13 12:0 a.m. · 1 view

Training RL Agents for Multi-Objective Network Defense Tasks

Open-ended learning (OEL) -- which emphasizes training agents that achieve broad capability over narrow competency -- is emerging as a paradigm to develop artificial intelligence (AI) agents to achieve robustness and generalization. However, despite promising results that demonstrate the benefits of...

AI score 6.8
Exploits: 0

Positive Technologies
added 2025/06/13 12:0 a.m. · 2 views

PT-2025-25420 · Unknown · Kia-Branded Aftermarket Generic Smart Keyless Entry System

Name of the Vulnerable Software and Affected Versions: KIA-branded Aftermarket Generic Smart Keyless Entry System versions 2022 through 2025
Description: The issue is related to the use of fixed learning codes in the Key Fob Transmitter, which allows a replay attack. This affects KIA vehicles in...

CVSS 9.4 · AI score 9.1 · EPSS 0.00642
Exploits: 0 · References: 21

Cvelist
added 2025/06/12 5:29 p.m. · 13 views

CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

CVSS 6.3 · EPSS 0.00397
Exploits: 0 · References: 1

OSV
added 2025/06/12 5:29 p.m. · 3 views

CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

CVSS 6.3 · AI score 6.5 · EPSS 0.00397
Exploits: 0 · References: 3

CNNVD
added 2025/06/12 12:0 a.m. · 2 views

vantage6 Security Feature Issue Vulnerability

vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security feature issue vulnerability exists in vantage6 versions prior to 4.11.0 that stems from an insecure JWT key auto-generation that could lead to key prediction...

CVSS 7.5 · AI score 6.3 · EPSS 0.0033
Exploits: 0 · References: 3

CNNVD
added 2025/06/12 12:0 a.m. · 2 views

vantage6 Security Vulnerability

vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 versions prior to 4.11 that stems from the change password feature allowing unlimited attempts, which could lead to a brute force atta...

CVSS 9.8 · AI score 6.4 · EPSS 0.00397
Exploits: 0 · References: 3

Packet Storm News
added 2025/06/12 12:0 a.m. · 4 views

Differentially Private Relational Learning with Entity-Level Privacy Guarantees

Learning with relational and network-structured data is increasingly vital in sensitive domains where protecting the privacy of individual entities is paramount. Differential Privacy (DP) offers a principled approach for quantifying privacy risks, with DP-SGD emerging as a standard mechanism for...

AI score 7
Exploits: 0

Packet Storm News
added 2025/06/12 12:0 a.m. · 1 view

TimberStrike: Dataset Reconstruction Attack Revealing Privacy Leakage in Federated Tree-Based Systems

Federated Learning has emerged as a privacy-oriented alternative to centralized Machine Learning, enabling collaborative model training without direct data sharing. While extensively studied for neural networks, the security and privacy implications of tree-based models remain underexplored. This...

AI score 6.9
Exploits: 0