Frappe Learning Management System 跨站脚本漏洞

Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning Management System versions prior to 2.42.0, which stems from the Company Website field in a Job Form that can be...

PT-2025-50902

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System LMS versions prior to 2.42.0 Description Frappe Learning Management System LMS allows authenticated users to inject malicious HTML and JavaScript code through description fields within the Job, Course, and Bat...

PT-2025-50968

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System LMS versions prior to 2.42.0 Description Frappe Learning Management System LMS allows authenticated attackers to inject JavaScript code through the Company Website field within the Job Form. This can lead to a...

PHANTOM: Progressive High-Fidelity Adversarial Network for Threat Object Modeling

The scarcity of cyberattack data hinders the development of robust intrusion detection systems. This paper introduces PHANTOM, a novel adversarial variational framework for generating high-fidelity synthetic attack data. Its innovations include progressive training, a dual-path VAE-GAN...

Authority Backdoor: A Certifiable Backdoor Mechanism for Authoring DNNs

Deep Neural Networks DNNs, as valuable intellectual property, face unauthorized use. Existing protections, such as digital watermarking, are largely passive; they provide only post-hoc ownership verification and cannot actively prevent the illicit use of a stolen model. This work proposes a...

Virtual Camera Detection: Catching Video Injection Attacks in Remote Biometric Systems

Face anti-spoofing FAS is a vital component of remote biometric authentication systems based on facial recognition, increasingly used across web-based applications. Among emerging threats, video injection attacks -- facilitated by technologies such as deepfakes and virtual camera software -- pose...

SUSE CVE-2025-40297

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported1 a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being deleted, after all its...

UBUNTU-CVE-2025-40297

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported1 a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being deleted, after all its...

CVE-2025-40297

The CVE-2025-40297 fix applies to the Linux kernel net/bridge code. It addresses a use-after-free race that could occur when deleting an expired fdb if MST is enabled. The race happens between ongoing learning and port deletion, where the port state is disabled but MST can bypass the port state, ...

CVE-2025-40297 net: bridge: fix use-after-free due to MST port state bypass

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported1 a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being deleted, after all its...

Agentic Artificial Intelligence for Ethical Cybersecurity in Uganda: A Reinforcement Learning Framework for Threat Detection in Resource-Constrained Environments

Uganda's rapid digital transformation, supported by national strategies such as Vision 2040 and the Digital Transformation Roadmap, has expanded reliance on networked services while simultaneously increasing exposure to sophisticated cyber threats. In resource-constrained settings, commonly...

Linux Distros Unpatched Vulnerability : CVE-2025-40297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: bridge: fix use-after-free due to MST port state bypass syzbot reported1 a use-after-free when deleting an expired fdb. It is due to a race condition betwe...

Deep Reinforcement Learning for Phishing Detection with Transformer-Based Semantic Features

Phishing is a cybercrime in which individuals are deceived into revealing personal information, often resulting in financial loss. These attacks commonly occur through fraudulent messages, misleading advertisements, and compromised legitimate websites. This study proposes a Quantile Regression De...

PrivLLMSwarm: Privacy-Preserving LLM-Driven UAV Swarms for Secure IoT Surveillance

Large Language Models LLMs are emerging as powerful enablers for autonomous reasoning and natural-language coordination in unmanned aerial vehicle UAV swarms operating within Internet of Things IoT environments. However, existing LLM-driven UAV systems process sensitive operational data in...

RunawayEvil: Jailbreaking the Image-To-Video Generative Models

Image-to-Video I2V generation synthesizes dynamic visual content from image and text inputs, providing significant creative control. However, the security of such multimodal systems, particularly their vulnerability to jailbreak attacks, remains critically underexplored. To bridge this gap, we...

CVE-2025-66581

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints...

Smart Surveillance: Identifying IoT Device Behaviours Using ML-Powered Traffic Analysis

The proliferation of Internet of Things IoT devices has grown exponentially in recent years, introducing significant security challenges. Accurate identification of the types of IoT devices and their associated actions through network traffic analysis is essential to mitigate potential threats. B...

CVE-2025-66581

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints...

CVE-2025-66581 Frappe LMS is Missing Server-Side Authorization in Business Logic

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints...

EUVD-2025-201498

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints...