PT-2026-22615

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description Chamilo, a learning management system, contains an input validation issue when importing user data from CSV files. Insufficient sanitization of the "Last Name", "First Name", and "Username" fields...

PT-2026-22619

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to improper sanitization of the keyword active parameter in admin/user list.php. This issue has been patched in version 1.11.30...

PT-2026-22621

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...

TraceGuard: Process-Guided Firewall against Reasoning Backdoors in Large Language Models

The deployment of Large Reasoning Models LRMs in high-stakes decision-making pipelines has introduced a novel and opaque attack surface: reasoning backdoors. In these attacks, the model's intermediate Chain-of-Thought CoT is manipulated to provide a linguistically plausible but logically fallacio...

AMDS: Attack-Aware Multi-Stage Defense System for Network Intrusion Detection with Two-Stage Adaptive Weight Learning

Machine learning based network intrusion detection systems are vulnerable to adversarial attacks that degrade classification performance under both gradient-based and distribution shift threat models. Existing defenses typically apply uniform detection strategies, which may not account for...

Neurosymbolic Learning for Advanced Persistent Threat Detection under Extreme Class Imbalance

The growing deployment of Internet of Things IoT devices in smart cities and industrial environments increases vulnerability to stealthy, multi-stage advanced persistent threats APTs that exploit wireless communication. Detection is challenging due to severe class imbalance in network traffic,...

Quantifying Catastrophic Forgetting in IoT Intrusion Detection Systems

Distribution shifts in attack patterns within RPL-based IoT networks pose a critical threat to the reliability and security of large-scale connected systems. Intrusion Detection Systems IDS trained on static datasets often fail to generalize to unseen threats and suffer from catastrophic forgetti...

Empowering Future Cybersecurity Leaders: Advancing Students through FINDS Education for Digital Forensic Excellence

The Forensics Investigations Network in Digital Sciences FINDS Research Center of Excellence CoE, funded by the U.S. Army Research Laboratory, advances Digital Forensic Engineering Education DFEE through an integrated research education framework for AI enabled cybersecurity workforce development...

WordPress Ultimate Learning Pro plugin <= 3.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Ultimate Learning Pro versions = 3.9.1...

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the synccourserunfromrequest function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

Blockchain-Enabled Routing for Zero-Trust Low-Altitude Intelligent Networks

Due to the scalability and portability, low-altitude intelligent networks LAINs are essential in various fields such as surveillance and disaster rescue. However, in LAINs, unmanned aerial vehicles UAVs are characterized by the distributed topology and high mobility, thus vulnerable to security...

ThreatFormer-IDS: Robust Transformer Intrusion Detection with Zero-Day Generalization and Explainable Attribution

Intrusion detection in IoT and industrial networks requires models that can detect rare attacks at low false-positive rates while remaining reliable under evolving traffic and limited labels. Existing IDS solutions often report strong in-distribution accuracy, but they may degrade when evaluated ...

WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Supakiad S. m3ez in WordPress Plugin Tutor LMS versions = 3.9.5...

Explainability-Aware Evaluation of Transfer Learning Models for IoT DDoS Detection under Resource Constraints

Distributed denial-of-service DDoS attacks threaten the availability of Internet of Things IoT infrastructures, particularly under resource-constrained deployment conditions. Although transfer learning models have shown promising detection accuracy, their reliability, computational feasibility, a...

PT-2026-21958

Name of the Vulnerable Software and Affected Versions OpenFUN Richie LMS affected versions not specified Description The application uses a non-constant time comparison operator for HMAC signature verification within the sync course run from request function, located in...

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the synccourserunfromrequest function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

ai-security-toolkit

...

SafePickle: Robust and Generic ML Detection of Malicious Pickle-Based ML Models

Model repositories such as Hugging Face increasingly distribute machine learning artifacts serialized with Python's pickle format, exposing users to remote code execution RCE risks during model loading. Recent defenses, such as PickleBall, rely on per-library policy synthesis that requires comple...

CodeHacker: Automated Test Case Generation for Detecting Vulnerabilities in Competitive Programming Solutions

The evaluation of Large Language Models LLMs for code generation relies heavily on the quality and robustness of test cases. However, existing benchmarks often lack coverage for subtle corner cases, allowing incorrect solutions to pass. To bridge this gap, we propose CodeHacker, an automated agen...

CVE-2026-26977

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...