Lucene search
K

48 matches found

OSV
OSV
added 2026/04/17 12:20 p.m.3 views

MAL-2026-2846 Malicious code in eslint-plugin-totara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96447eb1f41df9da2d8e298530e25265374244a3e23279006ca447a8a5b0c0bd The package eslint-plugin-totara was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/17 12:20 p.m.7 views

Malicious code in eslint-plugin-totara (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96447eb1f41df9da2d8e298530e25265374244a3e23279006ca447a8a5b0c0bd The package eslint-plugin-totara was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.4 views

CVE-2026-31282

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because 1 local log...

9.8CVSS5.9AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.5 views

CVE-2026-31281

Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...

8CVSS5.5AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.5 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

9.8CVSS5.3AI score0.00397EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/13 3:31 p.m.3 views

EUVD-2026-21931

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack...

5.8AI score0.00397EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/13 3:31 p.m.3 views

EUVD-2026-21928

Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser...

5.9AI score0.00302EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/13 3:31 p.m.3 views

EUVD-2026-21930

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack...

5.8AI score0.0039EPSS
Exploits0References3
NVD
NVD
added 2026/04/13 3:17 p.m.10 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

9.8CVSS0.00397EPSS
Exploits0References2
NVD
NVD
added 2026/04/13 3:17 p.m.12 views

CVE-2026-31282

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because 1 local log...

9.8CVSS0.0039EPSS
Exploits0References2
NVD
NVD
added 2026/04/13 3:17 p.m.13 views

CVE-2026-31281

Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...

8CVSS0.00302EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

Totara LMS 安全漏洞

Totara LMS is an learning management system provided by the Totara company. Versions of Totara LMS prior to v19.1.5 contained security vulnerabilities. These vulnerabilities were caused by HTML injection, which could allow attackers to send malicious HTML code to all users, thereby hijacking...

8CVSS5.9AI score0.00302EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/13 12:0 a.m.2 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

9.8CVSS5.3AI score0.00397EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.5 views

Totara LMS 19.1.5 Missing Rate Limiting

Totara LMS versions 19.1.5 and below have a forgot password flow that's missing rate limiting...

5.8AI score0.00397EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.27 views

CVE-2026-31281

Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...

0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.36 views

CVE-2026-31282

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because 1 local log...

0.0039EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 12:0 a.m.7 views

CVE-2026-31282

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because 1 local log...

9.8CVSS5.9AI score0.0039EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.8 views

PT-2026-32358

Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser...

5.9AI score0.00302EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

Totara LMS 安全漏洞

Totara LMS is an learning management system provided by the Totara company. Versions of Totara LMS prior to v19.1.5 contained security vulnerabilities. These vulnerabilities stemmed from the forget password API not implementing rate limits on target email addresses, which could lead to email...

9.8CVSS5.8AI score0.00397EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/13 12:0 a.m.3 views

CVE-2026-31281

Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...

8CVSS5.5AI score0.00302EPSS
Exploits0References3
Rows per page
Query Builder