Search Results (633 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62396 | 1 Moodle | 1 Moodle | 2025-11-14 | 5.3 Medium |
| An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured. | ||||
| CVE-2025-62397 | 1 Moodle | 1 Moodle | 2025-11-14 | 5.3 Medium |
| The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. | ||||
| CVE-2025-62398 | 1 Moodle | 1 Moodle | 2025-11-14 | 5.4 Medium |
| A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts. | ||||
| CVE-2025-62399 | 1 Moodle | 1 Moodle | 2025-11-14 | 7.5 High |
| Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks. | ||||
| CVE-2025-62400 | 1 Moodle | 1 Moodle | 2025-11-14 | 4.3 Medium |
| Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information. | ||||
| CVE-2025-62401 | 1 Moodle | 1 Moodle | 2025-11-14 | 5.4 Medium |
| An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment. | ||||
| CVE-2025-26530 | 1 Moodle | 1 Moodle | 2025-08-11 | 8.3 High |
| The question bank filter required additional sanitizing to prevent a reflected XSS risk. | ||||
| CVE-2025-26525 | 1 Moodle | 1 Moodle | 2025-08-08 | 8.6 High |
| Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed). | ||||
| CVE-2025-26526 | 1 Moodle | 1 Moodle | 2025-08-08 | 6.5 Medium |
| Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities. | ||||
| CVE-2025-26527 | 1 Moodle | 1 Moodle | 2025-08-08 | 5.3 Medium |
| Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block. | ||||
| CVE-2025-26528 | 1 Moodle | 1 Moodle | 2025-08-08 | 3.4 Low |
| The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2025-26529 | 1 Moodle | 1 Moodle | 2025-08-08 | 8.3 High |
| Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2024-38277 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 5.4 Medium |
| A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. | ||||
| CVE-2024-38274 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 6.1 Medium |
| Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. | ||||
| CVE-2024-38273 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 5.4 Medium |
| Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | ||||
| CVE-2025-26531 | 1 Moodle | 1 Moodle | 2025-08-07 | 3.1 Low |
| Insufficient capability checks made it possible to disable badges a user does not have permission to access. | ||||
| CVE-2025-26532 | 1 Moodle | 1 Moodle | 2025-08-06 | 3.1 Low |
| Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored. | ||||
| CVE-2025-26533 | 1 Moodle | 1 Moodle | 2025-08-06 | 8.1 High |
| An SQL injection risk was identified in the module list filter within course search. | ||||
| CVE-2024-43438 | 1 Moodle | 1 Moodle | 2025-08-05 | 7.5 High |
| A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report. | ||||
| CVE-2024-43436 | 1 Moodle | 1 Moodle | 2025-08-05 | 7.2 High |
| A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators. | ||||