Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22...
CVE-2024-11444
The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevorendermoduleui function. This makes it possible for unauthenticated attackers to...
CVE-2024-11444 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion
CVE-2024-11444 : CLUEVO LMS (WordPress plugin)
Qualys TotalAI: The Journey from LLM Scanner to Comprehensive AI Security Solution
Embarking on the AI/ML Journey: The launch of Qualys TotalAI marks a significant milestone in our journey with AI/ML. It all began in March 2024 when we ventured into the rapidly evolving AI/ML landscape and the emerging LLM ecosystem. Recognizing the potential of these technologies to revolutioni...
WordPress plugin CLUEVO LMS, E-Learning Platform Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Hi e-learning Learning Management System Cross-Site Scripting Vulnerability
Hi e-learning Learning Management System (Hi e-learning LMS) is an online learning solution from Hi e-learning, Inc. A cross-site scripting vulnerability exists in versions of Hi e-learning Learning Management System prior to 06.12.2024, which stems from improper input neutralization during web pag...
PT-2024-16908
Name of the Vulnerable Software and Affected Versions: Hi e-learning Learning Management System (LMS) versions prior to 06.12.2024. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS...
Why Cybercriminals Are Not Necessarily Embracing AI
As published in HackerNoon and featured as a “Top 20 Best Read Article” for AI. Introduction: The rapid advancement of AI has offered powerful tools for malware detection, but it has also introduced new avenues for adversarial attacks. As an example, recently OpenAI reported threat actors abusing...
A vulnerability in Intel Neural Compressor, a library for optimizing machine learning models, allows attackers to bypass security measures related to SQL query structures and escalate their privileges.
The vulnerability in the Intel Neural Compressor library for optimizing machine learning models is related to the lack of protective measures for SQL query structures. Exploiting this vulnerability can allow attackers to escalate their privileges remotely...
A vulnerability in Intel Neural Compressor, a library for optimizing machine learning models, stems from a failure to neutralize special elements in the template creation mechanism. This allows attackers to escalate their privileges.
The vulnerability in the Intel Neural Compressor library for optimizing machine learning models is related to the lack of measures taken to neutralize special elements in the template creation mechanism. Exploiting this vulnerability can allow a remote attacker to escalate their privileges...
Moodle Authorization Issues Vulnerability (CNVD-2024-46247)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from the need to perform additional checks to ensure that ...
Polyaxon Container Escape Vulnerability (CNVD-2024-46011)
Polyaxon is an open source platform designed to simplify the lifecycle management of machine learning and deep learning projects. Polyaxon suffers from a container escape vulnerability that can be exploited by attackers to compromise the confidentiality, availability, and integrity of the system...
CVE-2024-50672
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in...
CVE-2024-50671
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs...
PYSEC-2024-224
Excessive directory permissions in MLflow lead to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...
CVE-2024-50672
Summary: CVE-2024-50672 affects Adapt Learning Adapt Authoring Tool versions <= 0.11.3. A NoSQL injection flaw arises from insufficient input validation, where attacker-controlled input is used in a Mongoose find() query. This can allow unauthenticated users to reset passwords for regular and ...