Llama-3.1-FoundationAI-SecurityLLM-Reasoning-8B Technical Report

We present Foundation-Sec-8B-Reasoning, the first open-source native reasoning model for cybersecurity. Built upon our previously released Foundation-Sec-8B base model derived from Llama-3.1-8B-Base, the model is trained through a two-stage process combining supervised fine-tuning SFT and...

Helper-Assisted Coding for Gaussian Wiretap Channels: Deep Learning Meets PhySec

Consider the Gaussian wiretap channel, where a transmitter wishes to send a confidential message to a legitimate receiver in the presence of an eavesdropper. It is well known that if the eavesdropper experiences less channel noise than the legitimate receiver, then it is impossible for the...

CVE-2025-15469

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

NVIDIA RunX security vulnerabilities

NVIDIA runx is a deep learning experiment management tool developed by NVIDIA Corporation. NVIDIA runx contains a security vulnerability, which stems from code injection. This vulnerability may lead to code execution, denial of service, privilege escalation, information leakage, and data corrupti...

CVE-2020-36960

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like 'alertdocument.cookie' to execute arbitrary JavaScript when the profile is viewed by other users...

EUVD-2020-30854

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like 'alertdocument.cookie' to execute arbitrary JavaScript when the profile is viewed by other users...

CVE-2020-36960

Forma LMS 2.3 contains a stored cross-site scripting (XSS) vulnerability in the user profile first/last name fields. An attacker can inject scripts (e.g., ) that execute when other users view the profile. Connected sources provide CVSS scores (4.0: 5.1/ MEDIUM; 3.1: 6.4/ MEDIUM) and confirm the v...

Benchmarking Machine Learning Models for IoT Malware Detection under Data Scarcity and Drift

The rapid expansion of the Internet of Things IoT in domains such as smart cities, transportation, and industrial systems has heightened the urgency of addressing their security vulnerabilities. IoT devices often operate under limited computational resources, lack robust physical safeguards, and...

CTF for Education

In this paper, we take a close look at how CTF can be used in cybersecurity education. We divide the CTF competitions into four different categories, which are attack-based CTFs, defense-based CTFs, jeopardy CTFs and gamified and wargames CTFs. We start our analysis by summarizing the main...

CVE-2025-15521

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

CVE-2025-15521 Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

CVE-2025-15521

The CVE-2025-15521 entry describes an unauthenticated privilege-escalation in the Academy LMS – WordPress LMS Plugin for Complete eLearning Solution, affecting versions up to 3.5.0. The root cause is improper identity validation during password updates: the reset handler accepts a publicly expose...

CVE-2026-0548 Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check on the deleteexistinguserphoto function in all versions up to, and including, 3.9.4. This makes it possible for authenticated attackers, wi...

CVE-2026-1154

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...

SecureSplit: Mitigating Backdoor Attacks in Split Learning

Split Learning SL offers a framework for collaborative model training that respects data privacy by allowing participants to share the same dataset while maintaining distinct feature sets. However, SL is susceptible to backdoor attacks, in which malicious clients subtly alter their embeddings to...

Constructing Multi-Label Hierarchical Classification Models for MITRE ATT&CK Text Tagging

MITRE ATT&CK is a cybersecurity knowledge base that organizes threat actor and cyber-attack information into a set of tactics describing the reasons and goals threat actors have for carrying out attacks, with each tactic having a set of techniques that describe the potential methods used in these...

CVE-2026-1154

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...

CVE-2026-1154

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...

CVE-2026-1154

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...

CVE-2026-1154 SourceCodester E-Learning System Lesson index.php cross site scripting

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...