
7043 matches found

Positive Technologies
added 2025/04/01 12:0 a.m., 3 views

PT-2025-37378

Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.30. Description: Chamilo is a learning management system. A blind Server-Side Request Forgery (SSRF) condition exists due to insufficient validation of incoming requests used in the operating system command. Successf...

CVSS 9.1, AI score 6.2, EPSS 0.00364
Exploits: 1, References: 13

HackRead
added 2025/03/28 5:34 p.m., 10 views

Engaging Online Learning: Strategies to Keep Students Focused and Motivated

While inundated with ideas, you also need to consider how to present them effectively and structure the course…

AI score 7.3
Exploits: 0

Schneier on Security
added 2025/03/28 11:1 a.m., 14 views

AIs as Trusted Third Parties

This is a truly fascinating paper: "Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography." The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit t...

AI score 7.1
Exploits: 0

Schneier on Security
added 2025/03/27 11:0 a.m., 9 views

A Taxonomy of Adversarial Machine Learning Attacks and Mitigations

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures...

AI score 7.3
Exploits: 0

CNNVD
added 2025/03/20 12:0 a.m., 1 view

polyaxon Cross-Site Request Forgery Vulnerability

polyaxon is an open source MLOps tool from polyaxon for managing and orchestrating the machine learning lifecycle. A cross-site request forgery vulnerability exists in polyaxon version v2.4.0, which could lead to unauthorized operations...

CVSS 6.5, AI score 6.5, EPSS 0.00222
Exploits: 0, References: 1

CNNVD
added 2025/03/20 12:0 a.m., 2 views

H2O Security Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0, which stems from a custom encryption tool endpoint that does not restrict encrypted files, potentially leading to ransomware behavior...

CVSS 6.5, AI score 6.4, EPSS 0.00307
Exploits: 1, References: 1

CNNVD
added 2025/03/20 12:0 a.m., 4 views

H2O Code Issue Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O version 3.46.0.4, which stems from deserializing untrusted data and could lead to remote code execution...

CVSS 9.8, AI score 9.6, EPSS 0.01378
Exploits: 1, References: 2

HackRead
added 2025/03/17 5:38 p.m., 8 views

Custom vs. Off-the-shelf Educational Software

Educational institutions and businesses looking to implement technology-driven learning solutions often face a key decision: should they invest…

AI score 7.3
Exploits: 0

MSRC
added 2025/03/14 7:0 a.m., 24 views

Announcing the winners of the Adaptive Prompt Injection Challenge (LLMail-Inject)

We are excited to announce the winners of LLMail-Inject, our first Adaptive Prompt Injection Challenge! The challenge ran from December 2024 until February 2025 and was featured as one of the four official competitions of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning IEEE...

AI score 7.9
Exploits: 0

BDU FSTEC
added 2025/03/14 12:0 a.m., 4 views

The vulnerability of the Iced training platform’s classes allows a hacker to execute arbitrary code.

The vulnerability of the Iced training platform for machine learning H2O is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.6, AI score 8.4, EPSS 0.00643
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/03/04 2:16 a.m., 3 views

MAL-2025-2062 Malicious code in learning-kotlin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5560da3fe5e63bf7da20ae1cd458fd7999e279367f07227ce8a6019ca497dc87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7.2
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/03/04 2:16 a.m., 2 views

Malicious code in learning-kotlin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5560da3fe5e63bf7da20ae1cd458fd7999e279367f07227ce8a6019ca497dc87 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1

hivepro
added 2025/02/28 4:12 a.m., 7 views

EPSS Decoded: An Examination & Comparison to CVSS

Running short on time but still want to stay in the know? Well, we've got you covered! We've condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all! A Paradigm Shift in Vulnerability Management Vulnerability...

AI score 8.2
Exploits: 0

CNVD
added 2025/02/28 12:0 a.m., 5 views

Moodle Cross-Site Scripting Vulnerability (CNVD-2025-11089)

Moodle is a free, open source e-learning software platform from Moodle, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle. The vulnerability stems from a cross-site scripting risk where...

CVSS 8.3, AI score 7, EPSS 0.00478
Exploits: 1, References: 1

CNVD
added 2025/02/28 12:0 a.m., 5 views

Moodle SQL Injection Vulnerability

Moodle is a free, open source e-learning software platform from Moodle, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an SQL injection vulnerability that stems from not adequately filtering user input. No detailed...

CVSS 9.8, AI score 8.2, EPSS 0.0042
Exploits: 0, References: 1

RedhatCVE
added 2025/02/25 7:22 p.m., 13 views

CVE-2025-1590

A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricted upload. It is possible to launch the...

CVSS 7.2, AI score 6.8, EPSS 0.00367
Exploits: 0, References: 1

RedhatCVE
added 2025/02/25 6:30 p.m., 16 views

CVE-2025-1589

A vulnerability was found in SourceCodester E-Learning System 1.0 and classified as problematic. This issue affects some unknown processing of the file /register.php of the component User Registration Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely...

CVSS 6.1, AI score 6.2, EPSS 0.00446
Exploits: 0, References: 1

PyPA
added 2025/02/25 3:15 p.m., 11 views

PYSEC-2025-120

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 10, AI score 5.8, EPSS 0.00328
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/02/25 3:15 p.m., 3 views

PYSEC-2025-120

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 9.8, AI score 5.8, EPSS 0.00328
Exploits: 0, References: 3

OSV
added 2025/02/25 2:42 p.m., 3 views

CVE-2023-25574 JupyterHub's LTI13Authenticator: JWT signature not validated

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 10, AI score 6.5, EPSS 0.00328
Exploits: 0, References: 5