Total: 590 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-48899 | 1 Moodle | 1 Moodle | 2025-06-02 | N/A | 4.3 MEDIUM |
A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to. | |||||
CVE-2024-45691 | 1 Moodle | 1 Moodle | 2025-06-02 | N/A | 5.4 MEDIUM |
A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values. | |||||
CVE-2024-45690 | 1 Moodle | 1 Moodle | 2025-06-02 | N/A | 7.5 HIGH |
A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts. | |||||
CVE-2024-45689 | 1 Moodle | 1 Moodle | 2025-06-02 | N/A | 6.5 MEDIUM |
A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access. | |||||
CVE-2024-34009 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 7.5 HIGH |
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized. | |||||
CVE-2024-34007 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 8.8 HIGH |
The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF. | |||||
CVE-2024-34006 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 4.3 MEDIUM |
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered. | |||||
CVE-2024-34001 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 8.4 HIGH |
Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. | |||||
CVE-2024-34000 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 4.3 MEDIUM |
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk. | |||||
CVE-2024-33999 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 9.8 CRITICAL |
The referrer URL used by MFA required additional sanitizing, rather than being used directly. | |||||
CVE-2024-33998 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 5.4 MEDIUM |
Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features. | |||||
CVE-2024-33997 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 6.1 MEDIUM |
Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation. | |||||
CVE-2024-33996 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 6.2 MEDIUM |
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to. | |||||
CVE-2019-6970 | 1 Moodle | 1 Moodle | 2025-05-30 | 6.0 MEDIUM | 7.5 HIGH |
Moodle 3.5.x before 3.5.4 allows SSRF. | |||||
CVE-2022-40314 | 1 Moodle | 1 Moodle | 2025-05-20 | N/A | 9.8 CRITICAL |
A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | |||||
CVE-2022-40313 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-05-20 | N/A | 7.1 HIGH |
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | |||||
CVE-2022-40316 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-05-20 | N/A | 4.3 MEDIUM |
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | |||||
CVE-2022-40315 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-05-20 | N/A | 9.8 CRITICAL |
A limited SQL injection risk was identified in the "browse list of users" site administration page. | |||||
CVE-2024-43435 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 5.3 MEDIUM |
A flaw was found in Moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary. | |||||
CVE-2024-43433 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 5.3 MEDIUM |
A flaw was found in Moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users. |