Lucene search
K

60 matches found

RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.5 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

9.8CVSS5.3AI score0.00397EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/13 3:31 p.m.1 views

EUVD-2026-21931

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack...

5.8AI score0.00397EPSS
Exploits0References3
NVD
NVD
added 2026/04/13 3:17 p.m.7 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

9.8CVSS0.00397EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.3 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

5.3AI score0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.28 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

0.00397EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.4 views

Totara LMS 安全漏洞

Totara LMS is an learning management system provided by the Totara company. Versions of Totara LMS prior to v19.1.5 contained security vulnerabilities. These vulnerabilities stemmed from the forget password API not implementing rate limits on target email addresses, which could lead to email...

9.8CVSS5.8AI score0.00397EPSS
Exploits0References3
CVE
CVE
added 2026/04/13 12:0 a.m.10 views

CVE-2026-31283

CVE-2026-31283 impacts Totara LMS v19.1.5 and earlier, where the forgot password API lacks rate limiting for target email addresses. This underpins a potential Email Bombing attack; the root cause is insufficient request throttling in the forgot password flow. Public details confirm affected prod...

9.8CVSS5.3AI score0.00397EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 12:0 a.m.2 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

9.8CVSS5.3AI score0.00397EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.5 views

PT-2026-32360

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack...

5.8AI score0.00397EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/19 12:11 a.m.10 views

CVE-2025-54321

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

9.8CVSS6.8AI score0.00409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 12:11 a.m.15 views

CVE-2025-54320

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests...

4.3CVSS6.7AI score0.00287EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 9:32 p.m.4 views

EUVD-2025-198073

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

6.3AI score0.00409EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/18 9:32 p.m.8 views

EUVD-2025-198072

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests...

6.2AI score0.00287EPSS
Exploits0References3
NVD
NVD
added 2025/11/18 7:15 p.m.3 views

CVE-2025-54321

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

9.8CVSS0.00409EPSS
Exploits0References2
OSV
OSV
added 2025/11/18 7:15 p.m.5 views

CVE-2025-54321

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

9.8CVSS5.8AI score0.00409EPSS
Exploits0References2
NVD
NVD
added 2025/11/18 7:15 p.m.4 views

CVE-2025-54320

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests...

4.3CVSS0.00287EPSS
Exploits0References2
OSV
OSV
added 2025/11/18 7:15 p.m.4 views

CVE-2025-54320

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/18 12:0 a.m.3 views

CVE-2025-54321

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

6.5AI score0.00409EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/18 12:0 a.m.6 views

CVE-2025-54321

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

0.00409EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.3 views

Ascertia SigningHub 安全漏洞

Ascertia SigningHub is an electronic signature software from Ascertia UK. A security vulnerability exists in Ascertia SigningHub version 8.6.8 and prior versions, which stems from a lack of rate limiting in the reset password function and could lead to email bombing...

9.8CVSS6.7AI score0.00409EPSS
Exploits0References3
Rows per page
Query Builder