7043 matches found
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
A Hard-Label Black-Box Evasion Attack against ML-Based Malicious Traffic Detection Systems
Machine Learning (ML)-based malicious traffic detection is a promising security paradigm. It outperforms rule-based traditional detection by identifying various advanced attacks. However, the robustness of these ML models is largely unexplored, thereby allowing attackers to craft adversarial traffi...
EUVD-2025-34619
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...
EUVD-2025-34621
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56746
Creativeitem Academy LMS (affected versions up to and including 5.13) is vulnerable to session fixation because it does not regenerate the session ID after successful authentication. The underlying issue is the failure to rotate the session identifier, enabling an attacker to predetermine a valid...
Injection, Attack and Erasure: Revocable Backdoor Attacks Via Machine Unlearning
Backdoor attacks pose a persistent security risk to deep neural networks (DNNs) due to their stealth and durability. While recent research has explored leveraging model unlearning mechanisms to enhance backdoor concealment, existing attack strategies still leave persistent traces that may be detect...
RoBCtrl: Attacking GNN-Based Social Bot Detectors Via Reinforced Manipulation of Bots Control Interaction
Social networks have become a crucial source of real-time information for individuals. The influence of social bots within these platforms has garnered considerable attention from researchers, leading to the development of numerous detection technologies. However, the vulnerability and robustness...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56748
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...
EUVD-2025-34223
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Apiinstructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management...
Creativeitem Academy LMS Security Vulnerability
Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from a lack of role validation in the Apiinstructor controller, which could lead to elevation of privile...
Attack-Specialized Deep Learning with Ensemble Fusion for Network Anomaly Detection
The growing scale and sophistication of cyberattacks pose critical challenges to network security, particularly in detecting diverse intrusion types within imbalanced datasets. Traditional intrusion detection systems (IDS) often struggle to maintain high accuracy across both frequent and rare...
CVE-2025-62158
Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the fil...
CVE-2025-11555
A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendarofevents.php. The manipulation of the argument datestart results in sql injection. The attack may be launched remotely. The exploit is now public and may be use...
CVE-2025-62158
Summary: Frappe Learning prior to version 2.38.0 stored student assignment attachments as public files, enabling unauthenticated access via file URLs. The underlying issue is the exposure of uploaded files through public storage. Affected products/versions: Frappe Learning,
CVE-2025-62158 Frappe had attachments made by students to their assignments of type Text set to public
Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the fil...
EUVD-2025-33775
Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the fil...