VYPR
Vendor: Totara

Products: 7
CVEs: 14
Across products: 16
Status: Private

Recent CVEs (14)
  • CVE-2026-31283 | Critical | Apr 13, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime…

  • CVE-2020-29134 | High | Mar 5, 2021
    risk 0.57 | cvss 8.6 | epss 0.15

    The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4.

  • CVE-2022-37772 | High | Nov 23, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessively verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.

  • CVE-2021-44839 | Medium | Jan 18, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset…

  • CVE-2023-4710 | Medium | Sep 1, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier…

  • CVE-2021-44837 | Medium | Jan 19, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to…

  • CVE-2021-44836 | Medium | Jan 18, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened.

  • CVE-2025-9193 | Low | Aug 20, 2025
    risk 0.23 | cvss 3.5 | epss 0.00

    A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has…

  • CVE-2024-3931 | Low | Apr 18, 2024
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability was found in Totara LMS up to 18.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component User Selector. The manipulation of the argument ID Number leads to cross site scripting.…

  • CVE-2023-6275 | Low | Nov 24, 2023
    risk 0.23 | cvss 3.5 | epss 0.02

    A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user…

  • CVE-2024-3932 | Low | Apr 18, 2024
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The complexity of an attack is…

  • CVE-2023-4709 | Low | Sep 1, 2023
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The…

  • CVE-2021-44840 | Low | Jan 18, 2022
    risk 0.18 | cvss 2.7 | epss 0.01

    An issue was discovered in Delta RM 1.2. Using a privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected…

  • CVE-2024-55210 | Apr 9, 2025
    risk 0.00 | cvss | epss 0.01

    An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message.