📦 Thorium
by CISA
⚠️ Known Vulnerabilities
CVE-2025-35436 is an uncaught exception vulnerability in CISA Thorium's account verification email handling. An unauthenticated remote attacker can cause a denial of service by triggering a crash via ...
CVE-2025-35431 is an LDAP injection vulnerability in CISA Thorium that allows authenticated attackers to modify LDAP authorization data like group memberships. This affects Thorium versions before 1.1...
CVE-2025-35432 is an uncontrolled resource consumption vulnerability in CISA Thorium where unauthenticated attackers can send unlimited account verification emails to pending users. This allows denial...
CVE-2025-35433 is an authentication bypass vulnerability in CISA Thorium where previously used tokens remain valid after password resets. This allows attackers with old tokens to maintain access to ac...
CISA Thorium versions before 1.1.2 fail to validate TLS certificates when connecting to Elasticsearch, allowing man-in-the-middle attacks. An unauthenticated attacker with network access to a Thorium ...
CVE-2025-35435 is a division-by-zero vulnerability in CISA Thorium that allows authenticated remote attackers to crash the service by sending a stream split size of zero. This affects systems running ...