CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/16 7:13 p.m.•3 views

CVE-2026-28430 Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php

9.3CVSS6.1AI score0.00329EPSS

Packet Storm News•added 2026/03/16 12:0 a.m.•4 views

PISmith: Reinforcement Learning-Based Red Teaming for Prompt Injection Defenses

Prompt injection poses serious security risks to real-world LLM applications, particularly autonomous agents. Although many defenses have been proposed, their robustness against adaptive attacks remains insufficiently evaluated, potentially creating a false sense of security. In this work, we...

5.7AI score

Positive Technologies•added 2026/03/16 12:0 a.m.•2 views

PT-2026-25807

Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $ REQUEST is echoed directly into an HTML href attribute without any encoding or...

6.1CVSS5.8AI score0.00194EPSS

Exploits0References3

EUVD•added 2026/03/13 9:31 p.m.•1 views

EUVD-2026-11798

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through = 1.0.6.3...

8.5CVSS5.8AI score0.00215EPSS

ATTACKERKB•added 2026/03/13 11:41 a.m.•0 views

CVE-2026-31922

5.8AI score0.00215EPSS

CVE•added 2026/03/13 11:41 a.m.•8 views

CVE-2026-31922

CVE-2026-31922 affects the WordPress Fox LMS plugin (fox-lms) for versions up to 1.0.6.3. It is described as an SQL Injection vulnerability due to improper neutralization, specifically enabling Blind SQL Injection in Fox LMS. The connected documents confirm the affected product and vulnerability ...

8.5CVSS5.8AI score0.00215EPSS

Exploits0References1

Packet Storm News•added 2026/03/12 12:0 a.m.•1 views

RadEar: A Self-Supervised RF Backscatter System for Voice Eavesdropping and Separation

Eavesdropping on voice conversations presents a growing threat to personal privacy and information security. In this paper, we present RadEar, a novel RF backscatter-based system designed to enable covert voice eavesdropping through walls. RadEar consists of two key components: i a batteryless RF...

ATTACKERKB•added 2026/03/11 10:32 p.m.•2 views

CVE-2026-3962

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function rendertemplate of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

Vulnrichment•added 2026/03/11 10:32 p.m.•3 views

CVE-2026-3962 Jcharis Machine-Learning-Web-Apps Jinja2 Template app.py render_template cross site scripting

CVE•added 2026/03/11 10:32 p.m.•7 views

CVE-2026-3962

The CVE-2026-3962 entry affects Jcharis Machine-Learning-Web-Apps (up to a6996b634d98ccec4701ac8934016e8175b60eb5) where the render_template function in Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py under the Jinja2 Template Handler is vulnerable to cross-site...

Vulnrichment•added 2026/03/11 10:4 p.m.•1 views

CVE-2026-3920

Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00291EPSS

Positive Technologies•added 2026/03/11 12:0 a.m.•0 views

PT-2026-24891

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

Packet Storm News•added 2026/03/11 12:0 a.m.•1 views

Exploits0References9

Incremental Federated Learning for Intrusion Detection in IoT Networks under Evolving Threat Landscape

The expansion of Internet of Things IoT devices has increased the attack surface of networks, necessitating a robust and adaptive intrusion detection systems. Machine learning based systems have been considered promising in enhancing the detection performance. Federated learning settings enabled ...

Packet Storm News•added 2026/03/11 12:0 a.m.•5 views

Adversarial Reinforcement Learning for Detecting False Data Injection Attacks in Vehicular Routing

In modern transportation networks, adversaries can manipulate routing algorithms using false data injection attacks, such as simulating heavy traffic with multiple devices running crowdsourced navigation applications, to mislead vehicles toward suboptimal routes and increase congestion. To addres...

5.9AI score

CNNVD•added 2026/03/11 12:0 a.m.•3 views

Machine-Learning-Web-Apps 代码注入漏洞

Machine-Learning-Web-Apps is a machine learning web application development framework developed by JCharis Jesse. There is a code injection vulnerability in Machine-Learning-Web-Apps, which stems from an incorrect operation on the rendertemplate function in the Jinja2 Template Handler component o...

5.3CVSS5.7AI score0.00348EPSS

GithubExploit•added 2026/03/10 7:34 a.m.•109 views

pentesting-notes

🔐 Pentesting Notes Personal penetration testing documentati...

Packet Storm News•added 2026/03/10 12:0 a.m.•7 views

ProvAgent: Threat Detection Based on Identity-Behavior Binding and Multi-Agent Collaborative Attack Investigation

Advanced Persistent Threats APTs pose critical challenges to modern cybersecurity due to their multi-stage and stealthy nature. While provenance-based detection approaches show promise in capturing causal attack semantics, current threat provenance practices face two paradoxical issues: 1 expert...