Yazan Abu-Nadi

13 exploits Active since May 2025
CVE-2026-31281 NOMISEC HIGH WRITEUP
Totara LMS <=v19.1.5 - HTML Injection
Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The supplier states that the product name is Totara Learning and that the functionality referenced is the in app messaging client. They note that the in app messaging client only has the ability to embed a specific allowed list of HTML tags commonly used for text enhancement, which includes italic, bold, underline, strong, etc. Last, they state that the in app messaging client cannot embed <script>, <style>, <iframe>, <object>, <embed>, <form>, <input>, <button>, <svg>, <math>, etc., and any attempt to embed tags or attributes outside of the allowed list (including onerror, onaction, etc.) is sanitized via DOMPurify.
CVSS 8.0
CVE-2026-31282 NOMISEC CRITICAL WRITEUP
Totara LMS <=v19.1.5 - Incorrect Access Control
Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because (1) local login is enabled/disabled server side (this is not a client side control); (2) there is no evidence SSO login can be bypassed to allow local login; and (3) there is no evidence that local login can be performed when disabled server side.
CVSS 9.8
CVE-2026-31283 NOMISEC CRITICAL WRITEUP
Totara LMS <=v19.1.5 - Email Bombing
In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a hard control enforced via flag PWRESET_STATUS_ALREADYSENT, and no further password-reset email messages are sent if this flag is active for a specific email address.
CVSS 9.8
CVE-2025-66837 NOMISEC MEDIUM WRITEUP
ARIS < 10.0.23.0.3587512 - Remote Code Execution via Crafted PDF Upload
A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware
CVSS 6.8
CVE-2025-66838 NOMISEC MEDIUM WRITEUP
ARIS < 10.0.23.0.3587512 - Resource Exhaustion via Unrestricted File Upload
In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance
CVSS 6.5
CVE-2025-54321 NOMISEC CRITICAL WRITEUP
Ascertia SigningHub <= 8.6.8 - Authenticated Email Bombing via Password Reset Function
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests.
CVSS 9.8
CVE-2025-54320 NOMISEC MEDIUM WRITEUP
Ascertia SigningHub <= 8.6.8 - Authenticated Email Bombing via Invite User Function
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.
CVSS 4.3
CVE-2023-34732 NOMISEC MEDIUM WRITEUP
Flytxt NEON-dX < 0.0.1 - Brute Force Attack via UserId Parameter
An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords.
CVSS 5.4
CVE-2025-56218 WRITEUP CRITICAL WRITEUP
SigningHub < 8.6.8 - Arbitrary File Upload via Crafted PDF File
An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVSS 9.8
CVE-2025-56219 WRITEUP HIGH WRITEUP
SigningHub < 8.6.8 - Unauthenticated User Account Creation and Denial of Service
Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created.
CVSS 7.1
CVE-2025-56221 WRITEUP CRITICAL WRITEUP
SigningHub < 8.6.8 - Authentication Bypass via Brute Force Attack
A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack.
CVSS 9.8
CVE-2025-56223 WRITEUP HIGH WRITEUP
SigningHub < 8.6.8 - Denial of Service via UploadStreamDocument Rate Limit Bypass
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.
CVSS 7.5
CVE-2025-56224 WRITEUP HIGH WRITEUP
SigningHub < 8.6.8 - Unauthenticated Brute-Force Attack via OTP Verification Endpoint
A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.
CVSS 8.1