
7039 matches found

Packet Storm News
added 2025/10/15 12:00 a.m., 8 views

Injection, Attack and Erasure: Revocable Backdoor Attacks Via Machine Unlearning

Backdoor attacks pose a persistent security risk to deep neural networks (DNNs) due to their stealth and durability. While recent research has explored leveraging model unlearning mechanisms to enhance backdoor concealment, existing attack strategies still leave persistent traces that may be detect...

AI score 7.1
Exploits: 0

CVE
added 2025/10/15 12:00 a.m., 6 views

CVE-2025-56746

Creativeitem Academy LMS (affected versions up to and including 5.13) is vulnerable to session fixation because it does not regenerate the session ID after successful authentication. The underlying issue is the failure to rotate the session identifier, enabling an attacker to predetermine a valid...

CVSS 2.2, AI score 6.5, EPSS 0.00156
Exploits: 1, References: 1, Affected Software: 1

Packet Storm News
added 2025/10/15 12:00 a.m., 2 views

RoBCtrl: Attacking GNN-Based Social Bot Detectors Via Reinforced Manipulation of Bots Control Interaction

Social networks have become a crucial source of real-time information for individuals. The influence of social bots within these platforms has garnered considerable attention from researchers, leading to the development of numerous detection technologies. However, the vulnerability and robustness...

AI score 6.8
Exploits: 0

Vulnrichment
added 2025/10/15 12:00 a.m., 7 views

CVE-2025-56746

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...

AI score 6.5, EPSS 0.00156
Exploits: 1, References: 1

Vulnrichment
added 2025/10/15 12:00 a.m., 3 views

CVE-2025-56748

Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...

AI score 6.6, EPSS 0.00202
Exploits: 1, References: 1

EUVD
added 2025/10/14 3:31 p.m., 4 views

EUVD-2025-34223

Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Apiinstructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management...

CVSS 6.5, AI score 6.4, EPSS 0.00263
Exploits: 1, References: 2

CNNVD
added 2025/10/14 12:00 a.m., 3 views

Creativeitem Academy LMS Security Vulnerability

Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from a lack of role validation in the Apiinstructor controller, which could lead to elevation of privile...

CVSS 6.5, AI score 6.6, EPSS 0.00263
Exploits: 1, References: 2

Packet Storm News
added 2025/10/14 12:00 a.m., 4 views

Attack-Specialized Deep Learning with Ensemble Fusion for Network Anomaly Detection

The growing scale and sophistication of cyberattacks pose critical challenges to network security, particularly in detecting diverse intrusion types within imbalanced datasets. Traditional intrusion detection systems (IDS) often struggle to maintain high accuracy across both frequent and rare...

AI score 6.8
Exploits: 0

RedhatCVE
added 2025/10/11 8:07 p.m., 13 views

CVE-2025-62158

Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the fil...

CVSS 6.9, AI score 6.6, EPSS 0.00272
Exploits: 0, References: 1

RedhatCVE
added 2025/10/10 9:27 p.m., 4 views

CVE-2025-11555

A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in sql injection. The attack may be launched remotely. The exploit is now public and may be use...

CVSS 9.8, AI score 7, EPSS 0.00382
Exploits: 1, References: 1

NVD
added 2025/10/10 8:15 p.m., 4 views

CVE-2025-62158

Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the fil...

CVSS 6.9, EPSS 0.00272
Exploits: 0, References: 2

Cvelist
added 2025/10/10 8:05 p.m., 8 views

CVE-2025-62158 Frappe had attachments made by students to their assignments of type Text set to public

Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the fil...

CVSS 6.9, EPSS 0.00272
Exploits: 0, References: 2

CVE
added 2025/10/10 8:05 p.m., 15 views

CVE-2025-62158

Summary: Frappe Learning prior to version 2.38.0 stored student assignment attachments as public files, enabling unauthenticated access via file URLs. The underlying issue is the exposure of uploaded files through public storage. Affected products/versions: Frappe Learning,

CVSS 6.9, AI score 6.3, EPSS 0.00272
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2025/10/10 8:05 p.m., 4 views

CVE-2025-62158 Frappe had attachments made by students to their assignments of type Text set to public

Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the fil...

CVSS 6.9, AI score 6.3, EPSS 0.00272
Exploits: 0, References: 2

EUVD
added 2025/10/10 8:05 p.m., 2 views

EUVD-2025-33775

Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the fil...

CVSS 6.9, AI score 6.2, EPSS 0.00272
Exploits: 0, References: 2

OSV
added 2025/10/10 8:05 p.m., 4 views

CVE-2025-62158 Frappe had attachments made by students to their assignments of type Text set to public

Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the fil...

CVSS 6.9, AI score 6.6, EPSS 0.00272
Exploits: 0, References: 4

CNNVD
added 2025/10/10 12:00 a.m., 3 views

Frappe Learning Information Disclosure Vulnerability

Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. An information disclosure vulnerability exists in Frappe Learning versions prior to 2.38.0, which stems from student uploaded assignment attachments being stored as public files, which could lead to...

CVSS 6.9, AI score 6.1, EPSS 0.00272
Exploits: 0, References: 2

Positive Technologies
added 2025/10/10 12:00 a.m., 3 views

PT-2025-41602

Name of the Vulnerable Software and Affected Versions: Frappe Learning versions prior to 2.38.0. Description: Frappe Learning is a learning system used to structure content. Prior to version 2.38.0, student-uploaded assignment attachments were stored as public files, potentially exposing them to...

CVSS 6.9, AI score 6.5, EPSS 0.00272
Exploits: 0, References: 6

CVE
added 2025/10/09 8:32 p.m., 13 views

CVE-2025-11555

CVE-2025-11555 concerns Campcodes Online Learning Management System v1.0. Multiple connected sources confirm a SQL injection in the /admin/calendar_of_events.php script caused by unsafely manipulating the date_start parameter. The vulnerability is exploitable remotely and exploit code is publicly...

CVSS 9.8, AI score 6.8, EPSS 0.00382
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2025/10/09 8:32 p.m., 16 views

CVE-2025-11555 Campcodes Online Learning Management System calendar_of_events.php sql injection

A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in sql injection. The attack may be launched remotely. The exploit is now public and may be use...

CVSS 7.5, EPSS 0.00382
Exploits: 1, References: 5