| CVE-2025-62401 |
unknown |
— |
— |
|
|
|
7mo ago |
Moodle has a time restriction bypass |
| CVE-2025-62396 |
unknown |
— |
— |
|
|
|
7mo ago |
Moodle's error handling leads to sensitive information disclosure |
| CVE-2025-62393 |
unknown |
— |
— |
|
|
|
7mo ago |
Moodle course access permissions are not properly checked in course_output_fragment_course_overview |
| CVE-2025-62394 |
unknown |
— |
— |
|
|
|
7mo ago |
Moodle sends quiz-related messages to inactive/suspended users |
| CVE-2025-53021 |
unknown |
— |
— |
|
|
|
11mo ago |
Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter |
| CVE-2025-3647 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle allows IDOR when accessing the cohorts report |
| CVE-2025-3636 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle allows IDOR in RSS block, which allows access to additional RSS feeds |
| CVE-2025-3637 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle's mod_data edit/delete pages pass CSRF token in GET parameter |
| CVE-2025-3640 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users |
| CVE-2025-3635 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has a CSRF risk in user tours manager that allows tour duplication |
| CVE-2025-3645 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has an IDOR in messaging web service which allows access to some user details |
| CVE-2025-3643 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has reflected Cross-site Scripting risk in policy tool |
| CVE-2025-3642 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository |
| CVE-2025-3638 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has a CSRF risk in Brickfield tool's analysis request action |
| CVE-2025-3641 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository |
| CVE-2025-3644 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle's AJAX section delete does not respect course_can_delete_section() |
| CVE-2025-3627 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle makes some user data available before completing second factor with MFA enabled |
| CVE-2025-3634 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle self enrollment available before completing second factor with MFA enabled |
| CVE-2025-32045 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle shows hidden grades to users without permission on some grade reports |
| CVE-2025-32044 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle allows unauthenticated REST API user data exposure |
| CVE-2025-3628 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle reveals student identities through assignment submissions search on anonymous submissions |
| CVE-2025-26532 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle allows teachers to evade trusttext config when restoring glossary entries |
| CVE-2025-26528 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has a stored XSS in ddimageortext question type |
| CVE-2025-26525 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has an arbitrary file read risk through pdfTeX |
| CVE-2025-26531 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has an IDOR in badges allows disabling of arbitrary badges |
| CVE-2025-26527 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block |
| CVE-2025-26529 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has a stored XSS risk in admin live log |
| CVE-2025-26526 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle's feedback response viewing and deletions did not respect Separate Groups mode |
| CVE-2025-26533 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle has a SQL injection risk in course search module list filter |
| CVE-2025-26530 |
unknown |
— |
— |
|
|
|
1y ago |
Moodle allows reflected XSS via question bank filter |
| CVE-2024-48899 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle IDOR when accessing list of course badges |
| CVE-2024-45690 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle IDOR when deleting OAuth2 linked accounts |
| CVE-2024-45691 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Lesson activity password bypass through PHP loose comparison |
| CVE-2024-45689 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle allows users to retrieve information they did not have permission to access |
| CVE-2024-48898 |
unknown |
— |
— |
|
|
|
2y ago |
moodle: Some users can delete audiences of other reports |
| CVE-2024-48897 |
unknown |
— |
— |
|
|
|
2y ago |
moodle: IDOR in edit/delete RSS feed |
| CVE-2024-48896 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle leaks user names |
| CVE-2024-48901 |
unknown |
— |
— |
|
|
|
2y ago |
moodle: IDOR when fetching report schedules |
| CVE-2024-48900 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle IDOR when accessing list of badge recipients |
| CVE-2024-43439 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle reflected XSS via H5P error message |
| CVE-2024-43437 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Cross-site Scripting vulnerability |
| CVE-2024-43433 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle's user/power level management inconsistent with suspended users |
| CVE-2024-43432 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle authorization headers preserved between "emulated redirects" |
| CVE-2024-43429 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle has user information visibility control issues in gradebook reports |
| CVE-2024-43430 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle has insufficient access control |
| CVE-2024-43435 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle has insufficient capability checks |
| CVE-2024-43427 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle admin presets export tool includes some secrets that should not be exported |
| CVE-2024-43440 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle LFI vulnerability when restoring malformed block backups |
| CVE-2024-43436 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle vulnerable to site administration SQL injection via XMLDB editor |
| CVE-2024-43431 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle's IDOR in badges allows deletion of arbitrary badges |
| CVE-2024-43434 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle has CSRF risk in Feedback non-respondents report |
| CVE-2024-43438 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users |
| CVE-2024-43428 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle vulnerable to cache poisoning via injection into storage |
| CVE-2024-43426 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle has arbitrary file read risk through pdfTeX |
| CVE-2024-38277 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle uses the same key for QR login and auto-login |
| CVE-2024-38276 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle CSRF risks due to misuse of confirm_sesskey |
| CVE-2024-38273 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle BigBlueButton web service leaks meeting joining information |
| CVE-2024-38274 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle stored XSS via calendar's event title when deleting the event |
| CVE-2024-38275 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle HTTP authorization header is preserved between "emulated redirects" |
| CVE-2024-34003 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Authenticated LFI risk in some misconfigured shared hosting environments |
| CVE-2024-34006 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Unsanitized HTML in site log for config_log_created |
| CVE-2024-34002 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Authenticated LFI risk in some misconfigured shared hosting environments |
| CVE-2024-34009 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle ReCAPTCHA can be bypassed on the login page |
| CVE-2024-34008 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle CSRF risk in analytics management of models |
| CVE-2024-34004 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Authenticated LFI risk in some misconfigured shared hosting environments |
| CVE-2024-34005 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Authenticated LFI risk in some misconfigured shared hosting environments |
| CVE-2024-34007 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Logout CSRF in admin/tool/mfa/auth.php |
| CVE-2024-34001 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle CSRF risk in admin preset tool management of presets |
| CVE-2024-33999 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Improper Input Validation |
| CVE-2024-34000 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Cross-site Scripting (XSS) |
| CVE-2024-33997 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle stored Cross-site Scripting (XSS) |
| CVE-2024-33996 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle broken access control when setting calendar event type |
| CVE-2024-33998 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Cross-site Scripting (XSS) |
| CVE-2024-28593 |
unknown |
— |
— |
|
|
|
2y ago |
Cross-site Scripting in Moodle Chat |
| CVE-2024-29374 |
unknown |
— |
— |
|
|
|
2y ago |
Cross site scripting in moodle |
| CVE-2024-25978 |
unknown |
— |
— |
|
|
|
2y ago |
Uncontrolled Resource Consumption in moodle |
| CVE-2024-25981 |
unknown |
— |
— |
|
|
|
2y ago |
Improper Access Control in moodle |
| CVE-2024-25979 |
unknown |
— |
— |
|
|
|
2y ago |
Improper Handling of Parameters in moodle |
| CVE-2024-25980 |
unknown |
— |
— |
|
|
|
2y ago |
Improper Access Control in moodle |
| CVE-2024-25983 |
unknown |
— |
— |
|
|
|
2y ago |
Authorization Bypass in moodle |
| CVE-2024-25982 |
unknown |
— |
— |
|
|
|
2y ago |
Cross-Site Request Forgery in moodle |
| CVE-2024-1439 |
unknown |
— |
— |
|
|
|
2y ago |
Moodle Improper Access Control vulnerability |
| CVE-2023-5547 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Cross-site Scripting vulnerability |
| CVE-2023-5544 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Cross-site Scripting vulnerability |
| CVE-2023-5548 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability |
| CVE-2023-5550 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Code Injection vulnerability |
| CVE-2023-5549 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Improper Access Control vulnerability |
| CVE-2023-5551 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability |
| CVE-2023-5545 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability |
| CVE-2023-5539 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Code Injection vulnerability |
| CVE-2023-5541 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Cross-site Scripting vulnerability |
| CVE-2023-5542 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Improper Access Control vulnerability |
| CVE-2023-5540 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Code Injection vulnerability |
| CVE-2023-5546 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle Cross-site Scripting vulnerability |
| CVE-2023-35131 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle vulnerable to Cross-site Scripting |
| CVE-2023-35133 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle vulnerable to Server Side Request Forgery |
| CVE-2023-35132 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle vulnerable to SQL Injection |
| CVE-2021-27131 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle vulnerable to stored Cross-site Scripting |
| CVE-2023-30944 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle SQL Injection vulnerability |
| CVE-2023-30943 |
unknown |
— |
— |
|
|
|
3y ago |
Moodle External Control of File Name or Path vulnerability |
