Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which is caused by an SQL injection in the parameter subjectcode...

Moodle SQL Injection Vulnerability (CNVD-2024-44850)

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements i...

VIWIS LMS 安全漏洞

Viwis LMS is a Learning Management System from Viwis USA. A security vulnerability exists in VIWIS LMS version 9.11 that stems from a missing authorization in the Print Handler component. A user with the Learner role can use the Manage Print function and active sessions to access the entire exam,...

Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation

Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning ML related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published...

CVE-2024-10470

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...

Mind the Gap: How Surface Command Tackles Asset Visibility in Attack Surface Management

“Only 17% of organizations can clearly identify and inventory a majority 95% or more of their assets.” - Gartner Imagine the scenario: your organization has been exposed to a new zero-day vulnerability. You are responsible for Threat & Vulnerability Management TVM, you have asked your IT departme...

The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

We've all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses SMBs are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers CISO...

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from a risk of cache poisoning...

PT-2024-33683

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6 SuiteCRM versions prior to 8.7.1 Description: The issue arises from the way SuiteCRM checks PHP scripts against a blacklist of functions and methods to prevent the installation of malicious MLPs. However, thi...

Exploring Artificial Intelligence: Is AI Overhyped?

Dive into AI technologies like inference, deep learning, and generative models to learn how LLMs and AI are transforming cybersecurity and tech industries...

Chamilo LMS 安全漏洞

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...

PT-2024-30350 · Unknown · Masteriyo - Lms

Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions 1.11.6 and earlier Description: The issue affects Masteriyo - LMS, allowing access to functionality not properly constrained by ACLs due to a Missing Authorization vulnerability. Recommendations: For Masteriyo - LMS...

Chamilo LMS 安全漏洞

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...

PT-2024-21931 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.26 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the "new ticket.php" component. This could potentially lead to data theft ...

PT-2024-21932 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS version 1.11.26 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component. Recommendations: For Chamilo LMS version 1.11.26,...

WordPress plugin Masteriyo - LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

The vulnerability of the Enterprise Learning Management component in the Oracle PeopleSoft Enterprise business application suite allows a malicious actor to gain access to data for modification, addition, and deletion.

The vulnerability of the Enterprise Learning Management component in the Oracle PeopleSoft Enterprise business application suite is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to data modification, addition, and...

Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security

Apple has publicly made available its Private Cloud Compute PCC Virtual Research Environment VRE, allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced securit...

Reducing False Positives in API Security: Advanced Techniques Using Machine Learning

False positives in API security are a serious problem, often resulting in wasted results and time, missing real threats, alert fatigue, and operational disruption. Fortunately, however, emerging technologies like machine learning ML can help organizations minimize false positives and streamline t...

Olive VLE 安全漏洞

Olive VLE is a virtual learning environment from Olive that digitally transforms traditional lecture formats into high-end interactive learning experiences. A security vulnerability exists in Olive VLE that stems from allowing an attacker to gain access to sensitive information through the reset...