CVE-2024-47886

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution RCE within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an...

EUVD-2024-55455

Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution RCE within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an...

Chamilo 操作系统命令注入漏洞

Chamilo is a learning management system open source by Chamilo. Chamilo checkparselang.php file has an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary command execution...

PT-2026-22615

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description Chamilo, a learning management system, contains an input validation issue when importing user data from CSV files. Insufficient sanitization of the "Last Name", "First Name", and "Username" fields...

PT-2026-22619

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to improper sanitization of the keyword active parameter in admin/user list.php. This issue has been patched in version 1.11.30...

PT-2026-22621

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...

TraceGuard: Process-Guided Firewall against Reasoning Backdoors in Large Language Models

The deployment of Large Reasoning Models LRMs in high-stakes decision-making pipelines has introduced a novel and opaque attack surface: reasoning backdoors. In these attacks, the model's intermediate Chain-of-Thought CoT is manipulated to provide a linguistically plausible but logically fallacio...

AMDS: Attack-Aware Multi-Stage Defense System for Network Intrusion Detection with Two-Stage Adaptive Weight Learning

Machine learning based network intrusion detection systems are vulnerable to adversarial attacks that degrade classification performance under both gradient-based and distribution shift threat models. Existing defenses typically apply uniform detection strategies, which may not account for...

Neurosymbolic Learning for Advanced Persistent Threat Detection under Extreme Class Imbalance

The growing deployment of Internet of Things IoT devices in smart cities and industrial environments increases vulnerability to stealthy, multi-stage advanced persistent threats APTs that exploit wireless communication. Detection is challenging due to severe class imbalance in network traffic,...

Quantifying Catastrophic Forgetting in IoT Intrusion Detection Systems

Distribution shifts in attack patterns within RPL-based IoT networks pose a critical threat to the reliability and security of large-scale connected systems. Intrusion Detection Systems IDS trained on static datasets often fail to generalize to unseen threats and suffer from catastrophic forgetti...

Empowering Future Cybersecurity Leaders: Advancing Students through FINDS Education for Digital Forensic Excellence

The Forensics Investigations Network in Digital Sciences FINDS Research Center of Excellence CoE, funded by the U.S. Army Research Laboratory, advances Digital Forensic Engineering Education DFEE through an integrated research education framework for AI enabled cybersecurity workforce development...

WordPress Ultimate Learning Pro plugin <= 3.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Ultimate Learning Pro versions = 3.9.1...

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the synccourserunfromrequest function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

Blockchain-Enabled Routing for Zero-Trust Low-Altitude Intelligent Networks

Due to the scalability and portability, low-altitude intelligent networks LAINs are essential in various fields such as surveillance and disaster rescue. However, in LAINs, unmanned aerial vehicles UAVs are characterized by the distributed topology and high mobility, thus vulnerable to security...

ThreatFormer-IDS: Robust Transformer Intrusion Detection with Zero-Day Generalization and Explainable Attribution

Intrusion detection in IoT and industrial networks requires models that can detect rare attacks at low false-positive rates while remaining reliable under evolving traffic and limited labels. Existing IDS solutions often report strong in-distribution accuracy, but they may degrade when evaluated ...

WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Supakiad S. m3ez in WordPress Plugin Tutor LMS versions = 3.9.5...

Explainability-Aware Evaluation of Transfer Learning Models for IoT DDoS Detection under Resource Constraints

Distributed denial-of-service DDoS attacks threaten the availability of Internet of Things IoT infrastructures, particularly under resource-constrained deployment conditions. Although transfer learning models have shown promising detection accuracy, their reliability, computational feasibility, a...

PT-2026-21958

Name of the Vulnerable Software and Affected Versions OpenFUN Richie LMS affected versions not specified Description The application uses a non-constant time comparison operator for HMAC signature verification within the sync course run from request function, located in...

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the synccourserunfromrequest function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

ai-security-toolkit

...