CVE-2019-25320
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...
Exploit for Cross-site Scripting in Chamilo Chamilo_Lms
CVE-2023-4220 Arbitrary File Upload / RCE - PoC I created...
PT-2026-7920
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...
LoRA-Based Parameter-Efficient LLMs for Continuous Learning in Edge-Based Malware Detection
The proliferation of edge devices has created an urgent need for security solutions capable of detecting malware in real time while operating under strict computational and memory constraints. Recently, Large Language Models (LLMs) have demonstrated remarkable capabilities in recognizing complex...
An Empirical Study of the Imbalance Issue in Software Vulnerability Detection
Vulnerability detection is crucial to protect software security. Nowadays, deep learning (DL) is the most promising technique to automate this detection task, leveraging its superior ability to extract patterns and representations within extensive code volumes. Despite its promise, DL-based...
Unknown Attack Detection in IoT Networks Using Large Language Models: A Robust, Data-Efficient Approach
The rapid evolution of cyberattacks continues to drive the emergence of unknown zero-day threats, posing significant challenges for network intrusion detection systems in Internet of Things (IoT) networks. Existing machine learning and deep learning approaches typically rely on large labeled...
CVE-2026-26031
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, a security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...
CVE-2026-26031 Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, a security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...
CVE-2026-26031
The CVE describes a privacy flaw in Frappe Learning Management System (LMS) prior to version 2.44.0, where unauthorised users could retrieve the full list of enrolled students (by email) in batches. Affected software is the Frappe LMS prior to 2.44.0; the root cause is not explicitly detailed in ...
Frappe Learning Management System Security Vulnerability
Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.44.0 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow...
PT-2026-7726
Name of the Vulnerable Software and Affected Versions Frappe Learning Management System versions prior to 2.44.0 Description A security issue was identified in Frappe Learning Management System where unauthorized users could access the full list of enrolled students, including their email...
StealthRL: Reinforcement Learning Paraphrase Attacks for Multi-Detector Evasion of AI-Text Detectors
AI-text detectors face a critical robustness challenge: adversarial paraphrasing attacks that preserve semantics while evading detection. We introduce StealthRL, a reinforcement learning framework that stress-tests detector robustness under realistic adversarial conditions. StealthRL trains a...
The Role of Learning in Attacking Intrusion Detection Systems
Recent work on network attacks has demonstrated that ML-based network intrusion detection systems (NIDS) can be evaded with adversarial perturbations. However, these attacks rely on complex optimizations that have large computational overheads, making them impractical in many real-world settings. ...
GPU-Fuzz: Finding Memory Errors in Deep Learning Frameworks
GPU memory errors are a critical threat to deep learning (DL) frameworks, leading to crashes or even security issues. We introduce GPU-Fuzz, a fuzzer locating these issues efficiently by modeling operator parameters as formal constraints. GPU-Fuzz utilizes a constraint solver to generate test cases...
SoK: The Pitfalls of Deep Reinforcement Learning for Cybersecurity
Deep Reinforcement Learning (DRL) has achieved remarkable success in domains requiring sequential decision-making, motivating its application to cybersecurity problems. However, transitioning DRL from laboratory simulations to bespoke cyber environments can introduce numerous issues. This is furthe...
Empirical Evaluation of SMOTE in Android Malware Detection with Machine Learning: Challenges and Performance in CICMalDroid 2020
Malware, malicious software designed to damage computer systems and perpetrate scams, is proliferating at an alarming rate, with thousands of new threats emerging daily. Android devices, prevalent in smartphones, smartwatches, tablets, and IoTs, represent a vast attack surface, making malware...
One RNG to Rule Them All: How Randomness Becomes an Attack Vector in Machine Learning
Machine learning relies on randomness as a fundamental component in various steps such as data sampling, data augmentation, weight initialization, and optimization. Most machine learning frameworks use pseudorandom number generators as the source of randomness. However, variations in design choic...
Evasion of IoT Malware Detection Via Dummy Code Injection
The Internet of Things (IoT) has revolutionized connectivity by linking billions of devices worldwide. However, this rapid expansion has also introduced severe security vulnerabilities, making IoT devices attractive targets for malware such as the Mirai botnet. Power side-channel analysis has...
ACORN-IDS: Adaptive Continual Novelty Detection for Intrusion Detection Systems
Intrusion Detection Systems (IDS) must maintain reliable detection performance under rapidly evolving benign traffic patterns and the continual emergence of cyberattacks, including zero-day threats with no labeled data available. However, most machine learning-based IDS approaches either assume...