CVE-2026-31283
CVE-2026-31283 impacts Totara LMS v19.1.5 and earlier, where the forgot password API lacks rate limiting for target email addresses. This underpins a potential Email Bombing attack; the root cause is insufficient request throttling in the forgot password flow. Public details confirm affected prod...