saykino

8 exploits Active since May 2025
CVE-2026-31283 NOMISEC CRITICAL WRITEUP
Totara LMS <=v19.1.5 - Email Bombing
In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a hard control enforced via flag PWRESET_STATUS_ALREADYSENT, and no further password-reset email messages are sent if this flag is active for a specific email address.
CVSS 9.8
CVE-2026-31281 NOMISEC HIGH WRITEUP
Totara LMS <=v19.1.5 - HTML Injection
Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The supplier states that the product name is Totara Learning and that the functionality referenced is the in app messaging client. They note that the in app messaging client only has the ability to embed a specific allowed list of HTML tags commonly used for text enhancement, which includes italic, bold, underline, strong, etc. Last, they state that the in app messaging client cannot embed <script>, <style>, <iframe>, <object>, <embed>, <form>, <input>, <button>, <svg>, <math>, etc., and any attempt to embed tags or attributes outside of the allowed list (including onerror, onaction, etc.) is sanitized via DOMPurify.
CVSS 8.0
CVE-2026-31282 NOMISEC CRITICAL WRITEUP
Totara LMS <=v19.1.5 - Incorrect Access Control
Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because (1) local login is enabled/disabled server side (this is not a client side control); (2) there is no evidence SSO login can be bypassed to allow local login; and (3) there is no evidence that local login can be performed when disabled server side.
CVSS 9.8
CVE-2025-66838 NOMISEC MEDIUM WRITEUP
ARIS < 10.0.23.0.3587512 - Resource Exhaustion via Unrestricted File Upload
In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance
CVSS 6.5
CVE-2025-66837 NOMISEC MEDIUM WRITEUP
ARIS < 10.0.23.0.3587512 - Remote Code Execution via Crafted PDF Upload
A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware
CVSS 6.8
CVE-2025-54321 NOMISEC CRITICAL WRITEUP
Ascertia SigningHub <= 8.6.8 - Authenticated Email Bombing via Password Reset Function
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests.
CVSS 9.8
CVE-2025-54320 NOMISEC MEDIUM WRITEUP
Ascertia SigningHub <= 8.6.8 - Authenticated Email Bombing via Invite User Function
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.
CVSS 4.3
CVE-2023-34732 NOMISEC MEDIUM WRITEUP
Flytxt NEON-dX < 0.0.1 - Brute Force Attack via UserId Parameter
An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords.
CVSS 5.4