7047 matches found
CVE-2024-33253
Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...
CVE-2024-33253
Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...
New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models
The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning ML model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine...
CVE-2024-33253
Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...
OpenEclass E-learning Platform Security Vulnerability
OpenEclass E-learning Platform is an integrated course management system from Open Eclass open source. A security vulnerability exists in OpenEclass E-learning Platform version 3.15 and earlier. An attacker exploited the vulnerability to execute arbitrary code via the title and description fields...
CVE-2024-33253
OpenEclass OpenEclass E-learning Platform (GUnet)
CVE-2024-33253
Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...
Deep Java Library Security Vulnerability
Deep Java Library is an open source, high-level, engine-independent deep learning Java framework from Deep Java Library Open Source. A security vulnerability exists in Deep Java Library that stems from improper validation of file paths during tar file extraction...
Unpacking 2024's SaaS Threat Predictions
Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Securit...
The vulnerability of the library for optimizing machine learning models, Intel Neural Compressor, related to errors in processing input data, allows attackers to exploit it to gain increased privileges.
The vulnerability of the Intel Neural Compressor library for optimizing machine learning models is related to errors in processing input data. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...
CVE-2024-5588
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched remotel...
CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched remotel...
CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection
A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched remotel...
PT-2024-36599 · Unknown · Itsourcode Learning Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Learning Management System version 1.0 Description: A critical issue has been found in the itsourcecode Learning Management System, affecting an unknown functionality of the file processscore.php. The manipulation of the LessonID...
AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
Artificial Intelligence AI company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. "We have suspicions that a subset of Spaces' secrets could have been accessed without authorization," it said in an advisory. Spaces offers a way for...
GitLab: IDOR Exposes All Machine Learning Models
The vulnerability allows an attacker to access any Machine Learning Model Registry in GitLab, including private models, by guessing the incremental model IDs. The attacker can also access different versions of the models. This vulnerability was present in GitLab versions 15.11 and 16.2...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the use of referral source URLs that require no additional cleanup...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from a token required to prevent the risk of cross-site request forgery not being...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the failure to sanitize hypertext markup language in site logs...
CVE-2024-5519
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be initiated remotely. The exploit has...