CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability in the elfinder filemanager module. Authenticated users can upload files (with image headers) in the social myfiles area, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files. Impact is high fo...

CVE-2026-25372

Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.5.3...

CVE-2026-26977 Frappe Learning Management System exposes details of unpublished courses to unauthorized users

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...

CVE-2026-26977

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...

CVE-2026-26977 Frappe Learning Management System exposes details of unpublished courses to unauthorized users

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...

CVE-2026-26977 Frappe Learning Management System exposes details of unpublished courses to unauthorized users

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...

Frappe Learning Management System 安全漏洞

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System 2.44.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper access control of API endpoints,...

Chamilo LMS 代码问题漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Version 1.11.8 of Chamilo LMS contains a code vulnerability. This vulnerability stems from the elfinder file...

Detecting PowerShell-Based Fileless Cryptojacking Attacks Using Machine Learning

With the emergence of remote code execution RCE vulnerabilities in ubiquitous libraries and advanced social engineering techniques, threat actors have started conducting widespread fileless cryptojacking attacks. These attacks have become effective with stealthy techniques based on PowerShell-bas...

Can AI Lower the Barrier to Cybersecurity? A Human-Centered Mixed-Methods Study of Novice CTF Learning

Capture-the-Flag CTF competitions serve as gateways into offensive cybersecurity, yet they often present steep barriers for novices due to complex toolchains and opaque workflows. Recently, agentic AI frameworks for cybersecurity promise to lower these barriers by automating and coordinating...

Security Bulletin: IBM Watson Machine Learning Accelerator for IBM Cloud Pak for Data is affected by multiple vulnerabilities.

Summary Multiple vulnerabilities were addressed in IBM Watson Machine Learning Accelerator for IBM Cloud Pak for Data. Follow the instructions in this document to address them. Vulnerability Details CVEID:CVE-2021-38291 DESCRIPTION: FFmpeg version git commit de8e6e67e7523e48bb27ac224a0b446df05e16...

CVE-2026-25372 WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.5.3...

FormaLMS 安全漏洞

FormaLMS is an open-source learning management system developed by Forma.association. It is designed to meet specific needs related to corporate training. Versions of FormaLMS prior to 4.1.18 contained a security vulnerability. This vulnerability stemmed from the password recovery function, which...

PT-2026-20714

Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through = 3.5.3...

Arc2Morph: Identity-Preserving Facial Morphing with Arc2Face

Face morphing attacks are widely recognized as one of the most challenging threats to face recognition systems used in electronic identity documents. These attacks exploit a critical vulnerability in passport enrollment procedures adopted by many countries, where the facial image is often acquire...

Collaborative Zone-Adaptive Zero-Day Intrusion Detection for IoBT

The Internet of Battlefield Things IoBT relies on heterogeneous, bandwidth-constrained, and intermittently connected tactical networks that face rapidly evolving cyber threats. In this setting, intrusion detection cannot depend on continuous central collection of raw traffic due to disrupted link...

A Unified Evaluation of Learning-Based Similarity Techniques for Malware Detection

Cryptographic digests e.g., MD5, SHA-256 are designed to provide exact identity. Any single-bit change in the input produces a completely different hash, which is ideal for integrity verification but limits their usefulness in many real-world tasks like threat hunting, malware analysis and digita...

Exploiting Layer-Specific Vulnerabilities to Backdoor Attack in Federated Learning

Federated learning FL enables distributed model training across edge devices while preserving data locality. This decentralized approach has emerged as a promising solution for collaborative learning on sensitive user data, effectively addressing the longstanding privacy concerns inherent in...

From SFT to RL: Demystifying the Post-Training Pipeline for LLM-Based Vulnerability Detection

The integration of LLMs into vulnerability detection VD has shifted the field toward interpretable and context-aware analysis. While post-training methods have shown promise in general coding tasks, their systematic application to VD remains underexplored. In this paper, we present the first...

Backdoor Attacks on Contrastive Continual Learning for IoT Systems

The Internet of Things IoT systems increasingly depend on continual learning to adapt to non-stationary environments. These environments can include factors such as sensor drift, changing user behavior, device aging, and adversarial dynamics. Contrastive continual learning CCL combines contrastiv...