CVE-2025-35432
CVE-2025-35432 (CISA Thorium): Thorium versions prior to 1.1.1 did not rate limit account verification email requests, allowing a remote unauthenticated attacker to flood a user pending verification with unlimited messages. The issue is resolved in 1.1.1 by enabling a default rate limit of 10 min...