Every CVE whose affected-product data names Cisa Thorium, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-35431 — CVSS 5.4 (medium): CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization…
CVE-2025-35436 — CVSS 5.3 (medium): CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could…
CVE-2025-35432 — CVSS 5.3 (medium): CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited…
CVE-2025-35433 — CVSS 5.0 (medium): CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used…
CVE-2025-35430 — CVSS 5.0 (medium): CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. A remote…
CVE-2025-35435 — CVSS 4.3 (medium): CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to…
CVE-2025-35434 — CVSS 4.2 (medium): CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium…