200 matches found

The Hacker News
added 2026/05/26 10:30 a.m., 27 views

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they don't need to steal...

5.9 AI score
Exploits: 0

Packet Storm News
added 2026/05/25 12:0 a.m., 11 views

Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models

Software-Defined Networking (SDN) provides flexible and programmable network management; however, its centralized control architecture remains highly vulnerable to Distributed Denial-of-Service (DDoS) attacks, particularly Carpet-Bombing DDoS attacks that distribute malicious traffic across multiple...

5.8 AI score
Exploits: 0

RedhatCVE
added 2026/04/14 7:23 p.m., 5 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

9.8 CVSS, 5.3 AI score, 0.00397 EPSS
Exploits: 0, References: 1

EUVD
added 2026/04/13 3:31 p.m., 3 views

EUVD-2026-21931

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack...

5.8 AI score, 0.00397 EPSS
Exploits: 0, References: 3

NVD
added 2026/04/13 3:17 p.m., 8 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

9.8 CVSS, 0.00397 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/04/13 12:0 a.m., 6 views

Totara LMS Security Vulnerability

Totara LMS is a learning management system provided by the Totara company. Versions of Totara LMS prior to v19.1.5 contained security vulnerabilities. These vulnerabilities stemmed from the forget password API not implementing rate limits on target email addresses, which could lead to email...

9.8 CVSS, 5.8 AI score, 0.00397 EPSS
Exploits: 0, References: 3

CVE
added 2026/04/13 12:0 a.m., 12 views

CVE-2026-31283

CVE-2026-31283 impacts Totara LMS v19.1.5 and earlier, where the forgot password API lacks rate limiting for target email addresses. This underpins a potential Email Bombing attack; the root cause is insufficient request throttling in the forgot password flow. Public details confirm affected prod...

9.8 CVSS, 5.3 AI score, 0.00397 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/13 12:0 a.m., 2 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

9.8 CVSS, 5.3 AI score, 0.00397 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/04/13 12:0 a.m., 29 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

0.00397 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/04/13 12:0 a.m., 6 views

PT-2026-32360

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack...

5.8 AI score, 0.00397 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/04/13 12:0 a.m., 4 views

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a ha...

5.3 AI score, 0.00397 EPSS
Exploits: 0, References: 2

NVD
added 2026/03/13 7:54 p.m., 3 views

CVE-2026-23943

Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9 CVSS, 0.00644 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2026/03/06 12:0 a.m., 4 views

NewStart CGSL MAIN 6.06 (SP) : docker-ce Multiple Vulnerabilities (NS-SA-2026-0011)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has docker-ce packages installed that are affected by multiple vulnerabilities: - runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host...

9.3 CVSS, 7.1 AI score, 0.9857 EPSS
Exploits: 37, References: 33

The Hacker News
added 2025/12/04 6:52 a.m., 5 views

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been...

5.8 AI score
Exploits: 0

RedhatCVE
added 2025/11/19 12:11 a.m., 10 views

CVE-2025-54321

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

9.8 CVSS, 6.8 AI score, 0.00409 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/11/19 12:11 a.m., 15 views

CVE-2025-54320

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests...

4.3 CVSS, 6.7 AI score, 0.00287 EPSS
Exploits: 0, References: 1

EUVD
added 2025/11/18 9:32 p.m., 5 views

EUVD-2025-198073

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

6.3 AI score, 0.00409 EPSS
Exploits: 0, References: 3

EUVD
added 2025/11/18 9:32 p.m., 8 views

EUVD-2025-198072

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests...

6.2 AI score, 0.00287 EPSS
Exploits: 0, References: 3

OSV
added 2025/11/18 7:15 p.m., 5 views

CVE-2025-54321

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

9.8 CVSS, 5.8 AI score, 0.00409 EPSS
Exploits: 0, References: 2

NVD
added 2025/11/18 7:15 p.m., 4 views

CVE-2025-54321

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

9.8 CVSS, 0.00409 EPSS
Exploits: 0, References: 2