Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/moodle/moodle@4.5.0-beta
Typecomposer
Namespacemoodle
Namemoodle
Version4.5.0-beta
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.5.9
Latest_non_vulnerable_version5.1.2
Affected_by_vulnerabilities
0
url VCID-17k8-g4xw-b7g9
vulnerability_id VCID-17k8-g4xw-b7g9
summary 
Moodle allows IDOR when accessing the cohorts report
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3647
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26654
published_at 2026-06-06T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26664
published_at 2026-06-05T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26561
published_at 2026-06-08T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26616
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3647
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359762
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:45Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359762
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/bd6ec0ac84cf0f73ab35e7e244e1f9b06929083a
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/bd6ec0ac84cf0f73ab35e7e244e1f9b06929083a
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467607
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:45Z/
url https://moodle.org/mod/forum/discuss.php?d=467607
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3647
reference_id CVE-2025-3647
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:45Z/
url https://access.redhat.com/security/cve/CVE-2025-3647
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3647
reference_id CVE-2025-3647
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3647
7
reference_url https://github.com/advisories/GHSA-34g7-pg9j-pxgp
reference_id GHSA-34g7-pg9j-pxgp
reference_type
scores
url https://github.com/advisories/GHSA-34g7-pg9j-pxgp
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3647, GHSA-34g7-pg9j-pxgp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17k8-g4xw-b7g9
1
url VCID-1efm-18zh-w7gm
vulnerability_id VCID-1efm-18zh-w7gm
summary Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62400
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18844
published_at 2026-06-06T12:55:00Z
1
value 0.00059
scoring_system epss
scoring_elements 0.18843
published_at 2026-06-05T12:55:00Z
2
value 0.00059
scoring_system epss
scoring_elements 0.18723
published_at 2026-06-08T12:55:00Z
3
value 0.00059
scoring_system epss
scoring_elements 0.18803
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62400
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2404433
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:48:02Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2404433
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/0c70d67059658879a71152ea075c74154a627d05
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/0c70d67059658879a71152ea075c74154a627d05
4
reference_url https://moodle.org/mod/forum/discuss.php?d=470389
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=470389
5
reference_url https://access.redhat.com/security/cve/CVE-2025-62400
reference_id CVE-2025-62400
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:48:02Z/
url https://access.redhat.com/security/cve/CVE-2025-62400
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62400
reference_id CVE-2025-62400
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62400
7
reference_url https://github.com/advisories/GHSA-422v-w6c5-vq42
reference_id GHSA-422v-w6c5-vq42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-422v-w6c5-vq42
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.7
purl pkg:composer/moodle/moodle@4.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7
1
url pkg:composer/moodle/moodle@5.0.3
purl pkg:composer/moodle/moodle@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3
aliases CVE-2025-62400, GHSA-422v-w6c5-vq42
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1efm-18zh-w7gm
2
url VCID-1wup-hjxg-f7g4
vulnerability_id VCID-1wup-hjxg-f7g4
summary 
Moodle shows hidden grades to users without permission on some grade reports
A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81945
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81945
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32045
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.35929
published_at 2026-06-06T12:55:00Z
1
value 0.00154
scoring_system epss
scoring_elements 0.35847
published_at 2026-06-08T12:55:00Z
2
value 0.00154
scoring_system epss
scoring_elements 0.35888
published_at 2026-06-07T12:55:00Z
3
value 0.00154
scoring_system epss
scoring_elements 0.35919
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32045
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2356835
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:37:20Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2356835
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467086
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=467086
5
reference_url https://access.redhat.com/security/cve/CVE-2025-32045
reference_id CVE-2025-32045
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:37:20Z/
url https://access.redhat.com/security/cve/CVE-2025-32045
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32045
reference_id CVE-2025-32045
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32045
7
reference_url https://github.com/advisories/GHSA-8m7c-hm88-2p97
reference_id GHSA-8m7c-hm88-2p97
reference_type
scores
url https://github.com/advisories/GHSA-8m7c-hm88-2p97
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.3
purl pkg:composer/moodle/moodle@4.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-29mv-feyq-guew
3
vulnerability VCID-3m96-nmxm-tfgz
4
vulnerability VCID-3yre-ft3n-2fd3
5
vulnerability VCID-44zf-1dw7-qkf5
6
vulnerability VCID-4zvp-nmrk-4qbq
7
vulnerability VCID-5snb-dyv3-efe9
8
vulnerability VCID-5xhb-mx3v-fuhs
9
vulnerability VCID-61ry-zz34-8qhj
10
vulnerability VCID-657g-68tv-dkam
11
vulnerability VCID-7trf-g8dq-tua1
12
vulnerability VCID-dky9-v96e-pubh
13
vulnerability VCID-dr5e-6s1a-6uas
14
vulnerability VCID-ey6g-spfk-7bcw
15
vulnerability VCID-f1da-1duc-2uhb
16
vulnerability VCID-ffp4-23na-rkgr
17
vulnerability VCID-hufb-p6pa-63c9
18
vulnerability VCID-j3ts-5ghc-4qct
19
vulnerability VCID-m2a7-q28u-1yfw
20
vulnerability VCID-ueyy-v42v-7ydh
21
vulnerability VCID-vve8-f9s9-v7ft
22
vulnerability VCID-wby4-h9ud-1yh5
23
vulnerability VCID-wjby-arfq-buby
24
vulnerability VCID-wwx4-ns21-k3hd
25
vulnerability VCID-wytb-bryq-yqb4
26
vulnerability VCID-xqha-pgc4-3udb
27
vulnerability VCID-yby1-g45r-rugg
28
vulnerability VCID-ykj6-ptd4-7qfs
29
vulnerability VCID-z693-m8fg-63cc
30
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.3
aliases CVE-2025-32045, GHSA-8m7c-hm88-2p97
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1wup-hjxg-f7g4
3
url VCID-29mv-feyq-guew
vulnerability_id VCID-29mv-feyq-guew
summary 
Moodle has a CSRF risk in user tours manager that allows tour duplication
A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3635
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34587
published_at 2026-06-06T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.3457
published_at 2026-06-05T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.3455
published_at 2026-06-07T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34516
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3635
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359709
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:11Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359709
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/dbd723f81c07423d4082d54cd1d90b1b68c44379
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/dbd723f81c07423d4082d54cd1d90b1b68c44379
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467597
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=467597
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3635
reference_id CVE-2025-3635
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:11Z/
url https://access.redhat.com/security/cve/CVE-2025-3635
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3635
reference_id CVE-2025-3635
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3635
7
reference_url https://github.com/advisories/GHSA-88xj-97gf-7wpq
reference_id GHSA-88xj-97gf-7wpq
reference_type
scores
url https://github.com/advisories/GHSA-88xj-97gf-7wpq
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3635, GHSA-88xj-97gf-7wpq
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29mv-feyq-guew
4
url VCID-3m96-nmxm-tfgz
vulnerability_id VCID-3m96-nmxm-tfgz
summary 
Moodle sends quiz-related messages to inactive/suspended users
Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62394
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16337
published_at 2026-06-06T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.16338
published_at 2026-06-05T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.16213
published_at 2026-06-08T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.16295
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62394
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2404427
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:14:03Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2404427
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/022bfbfb564d8f3866a43d26eed215213bbdd28a
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/022bfbfb564d8f3866a43d26eed215213bbdd28a
4
reference_url https://moodle.org/mod/forum/discuss.php?d=470383
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=470383
5
reference_url https://access.redhat.com/security/cve/CVE-2025-62394
reference_id CVE-2025-62394
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:14:03Z/
url https://access.redhat.com/security/cve/CVE-2025-62394
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62394
reference_id CVE-2025-62394
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62394
7
reference_url https://github.com/advisories/GHSA-8fcv-4qp9-pg32
reference_id GHSA-8fcv-4qp9-pg32
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8fcv-4qp9-pg32
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.7
purl pkg:composer/moodle/moodle@4.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7
1
url pkg:composer/moodle/moodle@5.0.3
purl pkg:composer/moodle/moodle@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3
aliases CVE-2025-62394, GHSA-8fcv-4qp9-pg32
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3m96-nmxm-tfgz
5
url VCID-3yre-ft3n-2fd3
vulnerability_id VCID-3yre-ft3n-2fd3
summary 
Moodle has an IDOR in messaging web service which allows access to some user details
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3645
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.26664
published_at 2026-06-05T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26654
published_at 2026-06-06T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26561
published_at 2026-06-08T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26616
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3645
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359761
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:48Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359761
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/2fd810c8981f9b10087467a3b8fce779b157200f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/2fd810c8981f9b10087467a3b8fce779b157200f
4
reference_url https://github.com/moodle/moodle/commit/a8179842b450659c288f284e06361a4fbab8742a
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/a8179842b450659c288f284e06361a4fbab8742a
5
reference_url https://github.com/moodle/moodle/commit/bb65effe41524d8373c1dc499c3323ac469ea558
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/bb65effe41524d8373c1dc499c3323ac469ea558
6
reference_url https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-72704&type=commits
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-72704&type=commits
7
reference_url https://moodle.org/mod/forum/discuss.php?d=467606
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:48Z/
url https://moodle.org/mod/forum/discuss.php?d=467606
8
reference_url https://access.redhat.com/security/cve/CVE-2025-3645
reference_id CVE-2025-3645
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:48Z/
url https://access.redhat.com/security/cve/CVE-2025-3645
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3645
reference_id CVE-2025-3645
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3645
10
reference_url https://github.com/advisories/GHSA-pj96-xh2w-fgqx
reference_id GHSA-pj96-xh2w-fgqx
reference_type
scores
url https://github.com/advisories/GHSA-pj96-xh2w-fgqx
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3645, GHSA-pj96-xh2w-fgqx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3yre-ft3n-2fd3
6
url VCID-44zf-1dw7-qkf5
vulnerability_id VCID-44zf-1dw7-qkf5
summary 
Moodle formula injection vulnerability
A flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67851
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19692
published_at 2026-06-07T12:55:00Z
1
value 0.00063
scoring_system epss
scoring_elements 0.19736
published_at 2026-06-06T12:55:00Z
2
value 0.00063
scoring_system epss
scoring_elements 0.1974
published_at 2026-06-05T12:55:00Z
3
value 0.00063
scoring_system epss
scoring_elements 0.19625
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67851
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423841
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423841
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22
4
reference_url https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd
5
reference_url https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746
6
reference_url https://moodle.org/mod/forum/discuss.php?d=471301
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/
url https://moodle.org/mod/forum/discuss.php?d=471301
7
reference_url https://access.redhat.com/security/cve/CVE-2025-67851
reference_id CVE-2025-67851
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/
url https://access.redhat.com/security/cve/CVE-2025-67851
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67851
reference_id CVE-2025-67851
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67851
9
reference_url https://github.com/advisories/GHSA-qfh6-h7j6-fvjv
reference_id GHSA-qfh6-h7j6-fvjv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qfh6-h7j6-fvjv
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.8
purl pkg:composer/moodle/moodle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8
1
url pkg:composer/moodle/moodle@5.0.4
purl pkg:composer/moodle/moodle@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4
2
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67851, GHSA-qfh6-h7j6-fvjv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44zf-1dw7-qkf5
7
url VCID-4zvp-nmrk-4qbq
vulnerability_id VCID-4zvp-nmrk-4qbq
summary 
Moodle Cross-site Scripting (XSS) vulnerability
A flaw was found in Moodle. This Cross-site Scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67849
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00697
published_at 2026-06-06T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00692
published_at 2026-06-08T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00696
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67849
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423835
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423835
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03
4
reference_url https://moodle.org/mod/forum/discuss.php?d=471299
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471299
5
reference_url https://access.redhat.com/security/cve/CVE-2025-67849
reference_id CVE-2025-67849
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/
url https://access.redhat.com/security/cve/CVE-2025-67849
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67849
reference_id CVE-2025-67849
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67849
7
reference_url https://github.com/advisories/GHSA-mhf6-pp52-8wqj
reference_id GHSA-mhf6-pp52-8wqj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhf6-pp52-8wqj
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.8
purl pkg:composer/moodle/moodle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8
1
url pkg:composer/moodle/moodle@5.0.4
purl pkg:composer/moodle/moodle@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4
2
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67849, GHSA-mhf6-pp52-8wqj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zvp-nmrk-4qbq
8
url VCID-5snb-dyv3-efe9
vulnerability_id VCID-5snb-dyv3-efe9
summary 
Moodle Open Redirect vulnerability
A flaw was found in Moodle. An Open Redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67852
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03508
published_at 2026-06-08T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03543
published_at 2026-06-06T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03529
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67852
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423844
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423844
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975
4
reference_url https://moodle.org/mod/forum/discuss.php?d=471302
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471302
5
reference_url https://access.redhat.com/security/cve/CVE-2025-67852
reference_id CVE-2025-67852
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:09Z/
url https://access.redhat.com/security/cve/CVE-2025-67852
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67852
reference_id CVE-2025-67852
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67852
7
reference_url https://github.com/advisories/GHSA-qv78-6gpp-hm68
reference_id GHSA-qv78-6gpp-hm68
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qv78-6gpp-hm68
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.8
purl pkg:composer/moodle/moodle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8
1
url pkg:composer/moodle/moodle@5.0.4
purl pkg:composer/moodle/moodle@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4
2
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67852, GHSA-qv78-6gpp-hm68
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5snb-dyv3-efe9
9
url VCID-5xhb-mx3v-fuhs
vulnerability_id VCID-5xhb-mx3v-fuhs
summary 
Moodle Inserts Sensitive Information Into Sent Data
A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67857
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06007
published_at 2026-06-07T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.06009
published_at 2026-06-06T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.06023
published_at 2026-06-05T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.05959
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67857
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423868
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423868
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6
4
reference_url https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0
5
reference_url https://moodle.org/mod/forum/discuss.php?d=471307
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/
url https://moodle.org/mod/forum/discuss.php?d=471307
6
reference_url https://access.redhat.com/security/cve/CVE-2025-67857
reference_id CVE-2025-67857
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/
url https://access.redhat.com/security/cve/CVE-2025-67857
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67857
reference_id CVE-2025-67857
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67857
8
reference_url https://github.com/advisories/GHSA-8jrv-wx83-w3xj
reference_id GHSA-8jrv-wx83-w3xj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jrv-wx83-w3xj
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.8
purl pkg:composer/moodle/moodle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8
1
url pkg:composer/moodle/moodle@5.0.4
purl pkg:composer/moodle/moodle@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4
2
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67857, GHSA-8jrv-wx83-w3xj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xhb-mx3v-fuhs
10
url VCID-61ry-zz34-8qhj
vulnerability_id VCID-61ry-zz34-8qhj
summary 
Moodle authentication bypass vulnerability
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67848
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15409
published_at 2026-06-07T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.15449
published_at 2026-06-06T12:55:00Z
2
value 0.00048
scoring_system epss
scoring_elements 0.15459
published_at 2026-06-05T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.15325
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67848
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423831
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423831
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8
4
reference_url https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663
5
reference_url https://moodle.org/mod/forum/discuss.php?d=471298
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/
url https://moodle.org/mod/forum/discuss.php?d=471298
6
reference_url https://access.redhat.com/security/cve/CVE-2025-67848
reference_id CVE-2025-67848
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/
url https://access.redhat.com/security/cve/CVE-2025-67848
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67848
reference_id CVE-2025-67848
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67848
8
reference_url https://github.com/advisories/GHSA-j5jv-w5cw-j9ff
reference_id GHSA-j5jv-w5cw-j9ff
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j5jv-w5cw-j9ff
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.8
purl pkg:composer/moodle/moodle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8
1
url pkg:composer/moodle/moodle@5.0.4
purl pkg:composer/moodle/moodle@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4
2
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67848, GHSA-j5jv-w5cw-j9ff
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61ry-zz34-8qhj
11
url VCID-657g-68tv-dkam
vulnerability_id VCID-657g-68tv-dkam
summary 
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26047
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26192
published_at 2026-06-06T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.262
published_at 2026-06-05T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.26146
published_at 2026-06-07T12:55:00Z
3
value 0.00094
scoring_system epss
scoring_elements 0.2609
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26047
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440905
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:29:50Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440905
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c
4
reference_url https://moodle.org/mod/forum/discuss.php?d=473316
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=473316
5
reference_url https://access.redhat.com/security/cve/CVE-2026-26047
reference_id CVE-2026-26047
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:29:50Z/
url https://access.redhat.com/security/cve/CVE-2026-26047
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26047
reference_id CVE-2026-26047
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26047
7
reference_url https://github.com/advisories/GHSA-cg8j-5cr2-568q
reference_id GHSA-cg8j-5cr2-568q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg8j-5cr2-568q
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.9
purl pkg:composer/moodle/moodle@4.5.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.9
1
url pkg:composer/moodle/moodle@5.0.5
purl pkg:composer/moodle/moodle@5.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.5
2
url pkg:composer/moodle/moodle@5.1.2
purl pkg:composer/moodle/moodle@5.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.2
aliases CVE-2026-26047, GHSA-cg8j-5cr2-568q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-657g-68tv-dkam
12
url VCID-6cvg-r9am-wbh5
vulnerability_id VCID-6cvg-r9am-wbh5
summary 
Moodle has a SQL injection risk in course search module list filter
An SQL injection risk was identified in the module list filter within course search.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84271
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:35:13Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84271
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26533
reference_id
reference_type
scores
0
value 0.00402
scoring_system epss
scoring_elements 0.61155
published_at 2026-06-08T12:55:00Z
1
value 0.00402
scoring_system epss
scoring_elements 0.61178
published_at 2026-06-05T12:55:00Z
2
value 0.00402
scoring_system epss
scoring_elements 0.61185
published_at 2026-06-06T12:55:00Z
3
value 0.00402
scoring_system epss
scoring_elements 0.61172
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26533
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/1310e64699807ead6c38ee89354ac57c503c2836
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/1310e64699807ead6c38ee89354ac57c503c2836
4
reference_url https://moodle.org/mod/forum/discuss.php?d=466150
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:35:13Z/
url https://moodle.org/mod/forum/discuss.php?d=466150
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26533
reference_id CVE-2025-26533
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26533
6
reference_url https://github.com/advisories/GHSA-rg56-94j7-hjx9
reference_id GHSA-rg56-94j7-hjx9
reference_type
scores
url https://github.com/advisories/GHSA-rg56-94j7-hjx9
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.2
purl pkg:composer/moodle/moodle@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-1wup-hjxg-f7g4
3
vulnerability VCID-29mv-feyq-guew
4
vulnerability VCID-3m96-nmxm-tfgz
5
vulnerability VCID-3yre-ft3n-2fd3
6
vulnerability VCID-44zf-1dw7-qkf5
7
vulnerability VCID-4zvp-nmrk-4qbq
8
vulnerability VCID-5snb-dyv3-efe9
9
vulnerability VCID-5xhb-mx3v-fuhs
10
vulnerability VCID-61ry-zz34-8qhj
11
vulnerability VCID-657g-68tv-dkam
12
vulnerability VCID-7trf-g8dq-tua1
13
vulnerability VCID-dky9-v96e-pubh
14
vulnerability VCID-dr5e-6s1a-6uas
15
vulnerability VCID-ey6g-spfk-7bcw
16
vulnerability VCID-f1da-1duc-2uhb
17
vulnerability VCID-ffp4-23na-rkgr
18
vulnerability VCID-hufb-p6pa-63c9
19
vulnerability VCID-j3ts-5ghc-4qct
20
vulnerability VCID-m2a7-q28u-1yfw
21
vulnerability VCID-rgq5-458d-1fhg
22
vulnerability VCID-ueyy-v42v-7ydh
23
vulnerability VCID-vve8-f9s9-v7ft
24
vulnerability VCID-wby4-h9ud-1yh5
25
vulnerability VCID-wjby-arfq-buby
26
vulnerability VCID-wwx4-ns21-k3hd
27
vulnerability VCID-wytb-bryq-yqb4
28
vulnerability VCID-xqha-pgc4-3udb
29
vulnerability VCID-yby1-g45r-rugg
30
vulnerability VCID-ykj6-ptd4-7qfs
31
vulnerability VCID-z693-m8fg-63cc
32
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2
aliases CVE-2025-26533, GHSA-rg56-94j7-hjx9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cvg-r9am-wbh5
13
url VCID-7trf-g8dq-tua1
vulnerability_id VCID-7trf-g8dq-tua1
summary 
Moodle has a time restriction bypass
An issue in Moodle's timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62401
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.13001
published_at 2026-06-06T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12997
published_at 2026-06-05T12:55:00Z
2
value 0.00041
scoring_system epss
scoring_elements 0.12962
published_at 2026-06-07T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12876
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62401
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2404434
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:38:17Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2404434
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/78a3fe6c618676dfc53ea538abbfe35e60674eeb
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/78a3fe6c618676dfc53ea538abbfe35e60674eeb
4
reference_url https://moodle.org/mod/forum/discuss.php?d=470390
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=470390
5
reference_url https://access.redhat.com/security/cve/CVE-2025-62401
reference_id CVE-2025-62401
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:38:17Z/
url https://access.redhat.com/security/cve/CVE-2025-62401
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62401
reference_id CVE-2025-62401
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62401
7
reference_url https://github.com/advisories/GHSA-w29j-8phw-ffjf
reference_id GHSA-w29j-8phw-ffjf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w29j-8phw-ffjf
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.7
purl pkg:composer/moodle/moodle@4.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7
1
url pkg:composer/moodle/moodle@5.0.3
purl pkg:composer/moodle/moodle@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3
aliases CVE-2025-62401, GHSA-w29j-8phw-ffjf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7trf-g8dq-tua1
14
url VCID-8uah-srba-6ubb
vulnerability_id VCID-8uah-srba-6ubb
summary 
Moodle has an IDOR in badges allows disabling of arbitrary badges
Insufficient capability checks made it possible to disable badges a user does not have permission to access.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:19:42Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26531
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.57357
published_at 2026-06-08T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57372
published_at 2026-06-05T12:55:00Z
2
value 0.00345
scoring_system epss
scoring_elements 0.57381
published_at 2026-06-06T12:55:00Z
3
value 0.00345
scoring_system epss
scoring_elements 0.5737
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26531
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=466148
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:19:42Z/
url https://moodle.org/mod/forum/discuss.php?d=466148
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26531
reference_id CVE-2025-26531
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26531
5
reference_url https://github.com/advisories/GHSA-g88w-v4cq-qgcp
reference_id GHSA-g88w-v4cq-qgcp
reference_type
scores
url https://github.com/advisories/GHSA-g88w-v4cq-qgcp
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.2
purl pkg:composer/moodle/moodle@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-1wup-hjxg-f7g4
3
vulnerability VCID-29mv-feyq-guew
4
vulnerability VCID-3m96-nmxm-tfgz
5
vulnerability VCID-3yre-ft3n-2fd3
6
vulnerability VCID-44zf-1dw7-qkf5
7
vulnerability VCID-4zvp-nmrk-4qbq
8
vulnerability VCID-5snb-dyv3-efe9
9
vulnerability VCID-5xhb-mx3v-fuhs
10
vulnerability VCID-61ry-zz34-8qhj
11
vulnerability VCID-657g-68tv-dkam
12
vulnerability VCID-7trf-g8dq-tua1
13
vulnerability VCID-dky9-v96e-pubh
14
vulnerability VCID-dr5e-6s1a-6uas
15
vulnerability VCID-ey6g-spfk-7bcw
16
vulnerability VCID-f1da-1duc-2uhb
17
vulnerability VCID-ffp4-23na-rkgr
18
vulnerability VCID-hufb-p6pa-63c9
19
vulnerability VCID-j3ts-5ghc-4qct
20
vulnerability VCID-m2a7-q28u-1yfw
21
vulnerability VCID-rgq5-458d-1fhg
22
vulnerability VCID-ueyy-v42v-7ydh
23
vulnerability VCID-vve8-f9s9-v7ft
24
vulnerability VCID-wby4-h9ud-1yh5
25
vulnerability VCID-wjby-arfq-buby
26
vulnerability VCID-wwx4-ns21-k3hd
27
vulnerability VCID-wytb-bryq-yqb4
28
vulnerability VCID-xqha-pgc4-3udb
29
vulnerability VCID-yby1-g45r-rugg
30
vulnerability VCID-ykj6-ptd4-7qfs
31
vulnerability VCID-z693-m8fg-63cc
32
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2
aliases CVE-2025-26531, GHSA-g88w-v4cq-qgcp
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8uah-srba-6ubb
15
url VCID-a1ek-x154-5ydy
vulnerability_id VCID-a1ek-x154-5ydy
summary 
Moodle has an arbitrary file read risk through pdfTeX
Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as
those with TeX Live installed).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26525
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43751
published_at 2026-06-08T12:55:00Z
1
value 0.00212
scoring_system epss
scoring_elements 0.43785
published_at 2026-06-07T12:55:00Z
2
value 0.00212
scoring_system epss
scoring_elements 0.4381
published_at 2026-06-06T12:55:00Z
3
value 0.00212
scoring_system epss
scoring_elements 0.438
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26525
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:59:34Z/
url https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136
3
reference_url https://moodle.org/mod/forum/discuss.php?d=466141
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:59:34Z/
url https://moodle.org/mod/forum/discuss.php?d=466141
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26525
reference_id CVE-2025-26525
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26525
5
reference_url https://github.com/advisories/GHSA-4hmr-39vp-xfrr
reference_id GHSA-4hmr-39vp-xfrr
reference_type
scores
url https://github.com/advisories/GHSA-4hmr-39vp-xfrr
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.2
purl pkg:composer/moodle/moodle@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-1wup-hjxg-f7g4
3
vulnerability VCID-29mv-feyq-guew
4
vulnerability VCID-3m96-nmxm-tfgz
5
vulnerability VCID-3yre-ft3n-2fd3
6
vulnerability VCID-44zf-1dw7-qkf5
7
vulnerability VCID-4zvp-nmrk-4qbq
8
vulnerability VCID-5snb-dyv3-efe9
9
vulnerability VCID-5xhb-mx3v-fuhs
10
vulnerability VCID-61ry-zz34-8qhj
11
vulnerability VCID-657g-68tv-dkam
12
vulnerability VCID-7trf-g8dq-tua1
13
vulnerability VCID-dky9-v96e-pubh
14
vulnerability VCID-dr5e-6s1a-6uas
15
vulnerability VCID-ey6g-spfk-7bcw
16
vulnerability VCID-f1da-1duc-2uhb
17
vulnerability VCID-ffp4-23na-rkgr
18
vulnerability VCID-hufb-p6pa-63c9
19
vulnerability VCID-j3ts-5ghc-4qct
20
vulnerability VCID-m2a7-q28u-1yfw
21
vulnerability VCID-rgq5-458d-1fhg
22
vulnerability VCID-ueyy-v42v-7ydh
23
vulnerability VCID-vve8-f9s9-v7ft
24
vulnerability VCID-wby4-h9ud-1yh5
25
vulnerability VCID-wjby-arfq-buby
26
vulnerability VCID-wwx4-ns21-k3hd
27
vulnerability VCID-wytb-bryq-yqb4
28
vulnerability VCID-xqha-pgc4-3udb
29
vulnerability VCID-yby1-g45r-rugg
30
vulnerability VCID-ykj6-ptd4-7qfs
31
vulnerability VCID-z693-m8fg-63cc
32
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2
aliases CVE-2025-26525, GHSA-4hmr-39vp-xfrr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a1ek-x154-5ydy
16
url VCID-dky9-v96e-pubh
vulnerability_id VCID-dky9-v96e-pubh
summary 
Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3641
reference_id
reference_type
scores
0
value 0.00667
scoring_system epss
scoring_elements 0.71705
published_at 2026-06-06T12:55:00Z
1
value 0.00667
scoring_system epss
scoring_elements 0.71699
published_at 2026-06-05T12:55:00Z
2
value 0.00667
scoring_system epss
scoring_elements 0.71667
published_at 2026-06-08T12:55:00Z
3
value 0.00667
scoring_system epss
scoring_elements 0.71681
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3641
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359735
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:41Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359735
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/27b839b5c60389623ca8e3496792b43a44527cd6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/27b839b5c60389623ca8e3496792b43a44527cd6
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467602
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:41Z/
url https://moodle.org/mod/forum/discuss.php?d=467602
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3641
reference_id CVE-2025-3641
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:41Z/
url https://access.redhat.com/security/cve/CVE-2025-3641
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3641
reference_id CVE-2025-3641
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3641
7
reference_url https://github.com/advisories/GHSA-c8v6-vxhf-wcrr
reference_id GHSA-c8v6-vxhf-wcrr
reference_type
scores
url https://github.com/advisories/GHSA-c8v6-vxhf-wcrr
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3641, GHSA-c8v6-vxhf-wcrr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dky9-v96e-pubh
17
url VCID-dr5e-6s1a-6uas
vulnerability_id VCID-dr5e-6s1a-6uas
summary 
Moodle does not properly enforce MFA
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62398
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.21366
published_at 2026-06-07T12:55:00Z
1
value 0.00069
scoring_system epss
scoring_elements 0.21411
published_at 2026-06-06T12:55:00Z
2
value 0.00069
scoring_system epss
scoring_elements 0.21425
published_at 2026-06-05T12:55:00Z
3
value 0.00069
scoring_system epss
scoring_elements 0.21302
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62398
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2404431
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:57:39Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2404431
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/67005f8b2098096f4c7ca4f78ab9ce69415d703b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/67005f8b2098096f4c7ca4f78ab9ce69415d703b
4
reference_url https://github.com/moodle/moodle/commit/a2078f781ae065ca1f781bd159c7615c84afcaa5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/a2078f781ae065ca1f781bd159c7615c84afcaa5
5
reference_url https://moodle.org/mod/forum/discuss.php?d=470387
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=470387
6
reference_url https://access.redhat.com/security/cve/CVE-2025-62398
reference_id CVE-2025-62398
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:57:39Z/
url https://access.redhat.com/security/cve/CVE-2025-62398
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62398
reference_id CVE-2025-62398
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62398
8
reference_url https://github.com/advisories/GHSA-25wf-7x6c-wmpf
reference_id GHSA-25wf-7x6c-wmpf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-25wf-7x6c-wmpf
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.7
purl pkg:composer/moodle/moodle@4.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7
1
url pkg:composer/moodle/moodle@5.0.3
purl pkg:composer/moodle/moodle@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3
aliases CVE-2025-62398, GHSA-25wf-7x6c-wmpf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dr5e-6s1a-6uas
18
url VCID-ey6g-spfk-7bcw
vulnerability_id VCID-ey6g-spfk-7bcw
summary 
Moodle's error handling leads to sensitive information disclosure
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62396
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13593
published_at 2026-06-05T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13598
published_at 2026-06-06T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.1347
published_at 2026-06-08T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13556
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62396
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2404429
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:12:55Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2404429
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/5d4910509eeaac8403d18ec8f259e29d2f11527e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/5d4910509eeaac8403d18ec8f259e29d2f11527e
4
reference_url https://github.com/moodle/moodle/commit/5e7d5abc483d0511ebfc2042075eabcc392ff4ce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/5e7d5abc483d0511ebfc2042075eabcc392ff4ce
5
reference_url https://moodle.org/mod/forum/discuss.php?d=470385
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=470385
6
reference_url https://access.redhat.com/security/cve/CVE-2025-62396
reference_id CVE-2025-62396
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:12:55Z/
url https://access.redhat.com/security/cve/CVE-2025-62396
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62396
reference_id CVE-2025-62396
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62396
8
reference_url https://github.com/advisories/GHSA-c5cj-xp43-qcc3
reference_id GHSA-c5cj-xp43-qcc3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5cj-xp43-qcc3
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.7
purl pkg:composer/moodle/moodle@4.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7
1
url pkg:composer/moodle/moodle@5.0.3
purl pkg:composer/moodle/moodle@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3
aliases CVE-2025-62396, GHSA-c5cj-xp43-qcc3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ey6g-spfk-7bcw
19
url VCID-f1da-1duc-2uhb
vulnerability_id VCID-f1da-1duc-2uhb
summary 
Moodle Affected by Improper Restriction of Excessive Authentication Attempts
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67853
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10906
published_at 2026-06-06T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10793
published_at 2026-06-08T12:55:00Z
2
value 0.00035
scoring_system epss
scoring_elements 0.10872
published_at 2026-06-07T12:55:00Z
3
value 0.00035
scoring_system epss
scoring_elements 0.10917
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67853
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423847
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423847
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=471303
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471303
4
reference_url https://access.redhat.com/security/cve/CVE-2025-67853
reference_id CVE-2025-67853
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:42Z/
url https://access.redhat.com/security/cve/CVE-2025-67853
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67853
reference_id CVE-2025-67853
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67853
6
reference_url https://github.com/advisories/GHSA-5cx4-w4fh-fr57
reference_id GHSA-5cx4-w4fh-fr57
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5cx4-w4fh-fr57
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.8
purl pkg:composer/moodle/moodle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8
1
url pkg:composer/moodle/moodle@5.0.4
purl pkg:composer/moodle/moodle@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4
2
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67853, GHSA-5cx4-w4fh-fr57
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1da-1duc-2uhb
20
url VCID-ffp4-23na-rkgr
vulnerability_id VCID-ffp4-23na-rkgr
summary 
Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3642
reference_id
reference_type
scores
0
value 0.00667
scoring_system epss
scoring_elements 0.71705
published_at 2026-06-06T12:55:00Z
1
value 0.00667
scoring_system epss
scoring_elements 0.71699
published_at 2026-06-05T12:55:00Z
2
value 0.00667
scoring_system epss
scoring_elements 0.71667
published_at 2026-06-08T12:55:00Z
3
value 0.00667
scoring_system epss
scoring_elements 0.71681
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3642
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359738
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:37Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359738
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/630fbf6230ee18d63ce69bea34173fb151b599da
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/630fbf6230ee18d63ce69bea34173fb151b599da
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467603
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:37Z/
url https://moodle.org/mod/forum/discuss.php?d=467603
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3642
reference_id CVE-2025-3642
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:37Z/
url https://access.redhat.com/security/cve/CVE-2025-3642
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3642
reference_id CVE-2025-3642
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3642
7
reference_url https://github.com/advisories/GHSA-m367-445c-2xqr
reference_id GHSA-m367-445c-2xqr
reference_type
scores
url https://github.com/advisories/GHSA-m367-445c-2xqr
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3642, GHSA-m367-445c-2xqr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ffp4-23na-rkgr
21
url VCID-gwnb-e3gt-kqcb
vulnerability_id VCID-gwnb-e3gt-kqcb
summary 
Moodle allows teachers to evade trusttext config when restoring glossary entries
Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:19:04Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26532
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.57338
published_at 2026-06-08T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57354
published_at 2026-06-05T12:55:00Z
2
value 0.00345
scoring_system epss
scoring_elements 0.57362
published_at 2026-06-06T12:55:00Z
3
value 0.00345
scoring_system epss
scoring_elements 0.5735
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26532
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=466149
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:19:04Z/
url https://moodle.org/mod/forum/discuss.php?d=466149
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26532
reference_id CVE-2025-26532
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26532
5
reference_url https://github.com/advisories/GHSA-cw24-f6fq-7j9v
reference_id GHSA-cw24-f6fq-7j9v
reference_type
scores
url https://github.com/advisories/GHSA-cw24-f6fq-7j9v
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.2
purl pkg:composer/moodle/moodle@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-1wup-hjxg-f7g4
3
vulnerability VCID-29mv-feyq-guew
4
vulnerability VCID-3m96-nmxm-tfgz
5
vulnerability VCID-3yre-ft3n-2fd3
6
vulnerability VCID-44zf-1dw7-qkf5
7
vulnerability VCID-4zvp-nmrk-4qbq
8
vulnerability VCID-5snb-dyv3-efe9
9
vulnerability VCID-5xhb-mx3v-fuhs
10
vulnerability VCID-61ry-zz34-8qhj
11
vulnerability VCID-657g-68tv-dkam
12
vulnerability VCID-7trf-g8dq-tua1
13
vulnerability VCID-dky9-v96e-pubh
14
vulnerability VCID-dr5e-6s1a-6uas
15
vulnerability VCID-ey6g-spfk-7bcw
16
vulnerability VCID-f1da-1duc-2uhb
17
vulnerability VCID-ffp4-23na-rkgr
18
vulnerability VCID-hufb-p6pa-63c9
19
vulnerability VCID-j3ts-5ghc-4qct
20
vulnerability VCID-m2a7-q28u-1yfw
21
vulnerability VCID-rgq5-458d-1fhg
22
vulnerability VCID-ueyy-v42v-7ydh
23
vulnerability VCID-vve8-f9s9-v7ft
24
vulnerability VCID-wby4-h9ud-1yh5
25
vulnerability VCID-wjby-arfq-buby
26
vulnerability VCID-wwx4-ns21-k3hd
27
vulnerability VCID-wytb-bryq-yqb4
28
vulnerability VCID-xqha-pgc4-3udb
29
vulnerability VCID-yby1-g45r-rugg
30
vulnerability VCID-ykj6-ptd4-7qfs
31
vulnerability VCID-z693-m8fg-63cc
32
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2
aliases CVE-2025-26532, GHSA-cw24-f6fq-7j9v
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwnb-e3gt-kqcb
22
url VCID-gzdw-424p-mqfa
vulnerability_id VCID-gzdw-424p-mqfa
summary 
Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block
Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83941
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:57:30Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83941
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26527
reference_id
reference_type
scores
0
value 0.00365
scoring_system epss
scoring_elements 0.58819
published_at 2026-06-08T12:55:00Z
1
value 0.00365
scoring_system epss
scoring_elements 0.58836
published_at 2026-06-05T12:55:00Z
2
value 0.00365
scoring_system epss
scoring_elements 0.58842
published_at 2026-06-06T12:55:00Z
3
value 0.00365
scoring_system epss
scoring_elements 0.58835
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26527
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=466143
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:57:30Z/
url https://moodle.org/mod/forum/discuss.php?d=466143
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26527
reference_id CVE-2025-26527
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26527
5
reference_url https://github.com/advisories/GHSA-5r85-6h7f-rg3r
reference_id GHSA-5r85-6h7f-rg3r
reference_type
scores
url https://github.com/advisories/GHSA-5r85-6h7f-rg3r
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.2
purl pkg:composer/moodle/moodle@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-1wup-hjxg-f7g4
3
vulnerability VCID-29mv-feyq-guew
4
vulnerability VCID-3m96-nmxm-tfgz
5
vulnerability VCID-3yre-ft3n-2fd3
6
vulnerability VCID-44zf-1dw7-qkf5
7
vulnerability VCID-4zvp-nmrk-4qbq
8
vulnerability VCID-5snb-dyv3-efe9
9
vulnerability VCID-5xhb-mx3v-fuhs
10
vulnerability VCID-61ry-zz34-8qhj
11
vulnerability VCID-657g-68tv-dkam
12
vulnerability VCID-7trf-g8dq-tua1
13
vulnerability VCID-dky9-v96e-pubh
14
vulnerability VCID-dr5e-6s1a-6uas
15
vulnerability VCID-ey6g-spfk-7bcw
16
vulnerability VCID-f1da-1duc-2uhb
17
vulnerability VCID-ffp4-23na-rkgr
18
vulnerability VCID-hufb-p6pa-63c9
19
vulnerability VCID-j3ts-5ghc-4qct
20
vulnerability VCID-m2a7-q28u-1yfw
21
vulnerability VCID-rgq5-458d-1fhg
22
vulnerability VCID-ueyy-v42v-7ydh
23
vulnerability VCID-vve8-f9s9-v7ft
24
vulnerability VCID-wby4-h9ud-1yh5
25
vulnerability VCID-wjby-arfq-buby
26
vulnerability VCID-wwx4-ns21-k3hd
27
vulnerability VCID-wytb-bryq-yqb4
28
vulnerability VCID-xqha-pgc4-3udb
29
vulnerability VCID-yby1-g45r-rugg
30
vulnerability VCID-ykj6-ptd4-7qfs
31
vulnerability VCID-z693-m8fg-63cc
32
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2
aliases CVE-2025-26527, GHSA-5r85-6h7f-rg3r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzdw-424p-mqfa
23
url VCID-hufb-p6pa-63c9
vulnerability_id VCID-hufb-p6pa-63c9
summary 
Moodle has an authorization logic flaw
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67856
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06509
published_at 2026-06-06T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06512
published_at 2026-06-05T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06457
published_at 2026-06-08T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06499
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67856
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423864
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:42:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423864
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0
4
reference_url https://moodle.org/mod/forum/discuss.php?d=471306
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471306
5
reference_url https://access.redhat.com/security/cve/CVE-2025-67856
reference_id CVE-2025-67856
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:42:42Z/
url https://access.redhat.com/security/cve/CVE-2025-67856
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67856
reference_id CVE-2025-67856
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67856
7
reference_url https://github.com/advisories/GHSA-hcm6-q6pc-xfhm
reference_id GHSA-hcm6-q6pc-xfhm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcm6-q6pc-xfhm
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.8
purl pkg:composer/moodle/moodle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8
1
url pkg:composer/moodle/moodle@5.0.4
purl pkg:composer/moodle/moodle@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4
2
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67856, GHSA-hcm6-q6pc-xfhm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hufb-p6pa-63c9
24
url VCID-j3ts-5ghc-4qct
vulnerability_id VCID-j3ts-5ghc-4qct
summary 
Moodle has a Remote Code Execution risk via file restore
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26045
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29549
published_at 2026-06-06T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.29587
published_at 2026-06-05T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29484
published_at 2026-06-08T12:55:00Z
3
value 0.00113
scoring_system epss
scoring_elements 0.29516
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26045
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440901
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:33Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440901
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da
4
reference_url https://moodle.org/mod/forum/discuss.php?d=473314
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=473314
5
reference_url https://access.redhat.com/security/cve/CVE-2026-26045
reference_id CVE-2026-26045
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:33Z/
url https://access.redhat.com/security/cve/CVE-2026-26045
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26045
reference_id CVE-2026-26045
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26045
7
reference_url https://github.com/advisories/GHSA-ggxq-2mg9-8966
reference_id GHSA-ggxq-2mg9-8966
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ggxq-2mg9-8966
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.9
purl pkg:composer/moodle/moodle@4.5.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.9
1
url pkg:composer/moodle/moodle@5.0.5
purl pkg:composer/moodle/moodle@5.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.5
2
url pkg:composer/moodle/moodle@5.1.2
purl pkg:composer/moodle/moodle@5.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.2
aliases CVE-2026-26045, GHSA-ggxq-2mg9-8966
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3ts-5ghc-4qct
25
url VCID-m2a7-q28u-1yfw
vulnerability_id VCID-m2a7-q28u-1yfw
summary 
Moodle vulnerable to brute-force password guesses
Moodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62399
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25228
published_at 2026-06-06T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25243
published_at 2026-06-05T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.25177
published_at 2026-06-07T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.2512
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62399
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2404432
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:51:39Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2404432
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/e4d02567c922c537086de9f59f063ca073552a3a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/e4d02567c922c537086de9f59f063ca073552a3a
4
reference_url https://moodle.org/mod/forum/discuss.php?d=470388
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=470388
5
reference_url https://access.redhat.com/security/cve/CVE-2025-62399
reference_id CVE-2025-62399
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:51:39Z/
url https://access.redhat.com/security/cve/CVE-2025-62399
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62399
reference_id CVE-2025-62399
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62399
7
reference_url https://github.com/advisories/GHSA-m58f-9pvv-8mp2
reference_id GHSA-m58f-9pvv-8mp2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m58f-9pvv-8mp2
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.7
purl pkg:composer/moodle/moodle@4.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7
1
url pkg:composer/moodle/moodle@5.0.3
purl pkg:composer/moodle/moodle@5.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44zf-1dw7-qkf5
1
vulnerability VCID-4zvp-nmrk-4qbq
2
vulnerability VCID-5snb-dyv3-efe9
3
vulnerability VCID-5xhb-mx3v-fuhs
4
vulnerability VCID-61ry-zz34-8qhj
5
vulnerability VCID-657g-68tv-dkam
6
vulnerability VCID-f1da-1duc-2uhb
7
vulnerability VCID-hufb-p6pa-63c9
8
vulnerability VCID-j3ts-5ghc-4qct
9
vulnerability VCID-wby4-h9ud-1yh5
10
vulnerability VCID-yby1-g45r-rugg
11
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3
aliases CVE-2025-62399, GHSA-m58f-9pvv-8mp2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2a7-q28u-1yfw
26
url VCID-nctp-rev5-puej
vulnerability_id VCID-nctp-rev5-puej
summary 
Moodle allows reflected XSS via question bank filter
The question bank filter required additional sanitizing to prevent a reflected XSS risk.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84146
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T20:05:56Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84146
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26530
reference_id
reference_type
scores
0
value 0.00957
scoring_system epss
scoring_elements 0.76812
published_at 2026-06-08T12:55:00Z
1
value 0.00957
scoring_system epss
scoring_elements 0.76825
published_at 2026-06-05T12:55:00Z
2
value 0.00957
scoring_system epss
scoring_elements 0.76832
published_at 2026-06-06T12:55:00Z
3
value 0.00957
scoring_system epss
scoring_elements 0.76823
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26530
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=466146
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T20:05:56Z/
url https://moodle.org/mod/forum/discuss.php?d=466146
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26530
reference_id CVE-2025-26530
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26530
5
reference_url https://github.com/advisories/GHSA-4w32-c9g7-27qx
reference_id GHSA-4w32-c9g7-27qx
reference_type
scores
url https://github.com/advisories/GHSA-4w32-c9g7-27qx
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.2
purl pkg:composer/moodle/moodle@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-1wup-hjxg-f7g4
3
vulnerability VCID-29mv-feyq-guew
4
vulnerability VCID-3m96-nmxm-tfgz
5
vulnerability VCID-3yre-ft3n-2fd3
6
vulnerability VCID-44zf-1dw7-qkf5
7
vulnerability VCID-4zvp-nmrk-4qbq
8
vulnerability VCID-5snb-dyv3-efe9
9
vulnerability VCID-5xhb-mx3v-fuhs
10
vulnerability VCID-61ry-zz34-8qhj
11
vulnerability VCID-657g-68tv-dkam
12
vulnerability VCID-7trf-g8dq-tua1
13
vulnerability VCID-dky9-v96e-pubh
14
vulnerability VCID-dr5e-6s1a-6uas
15
vulnerability VCID-ey6g-spfk-7bcw
16
vulnerability VCID-f1da-1duc-2uhb
17
vulnerability VCID-ffp4-23na-rkgr
18
vulnerability VCID-hufb-p6pa-63c9
19
vulnerability VCID-j3ts-5ghc-4qct
20
vulnerability VCID-m2a7-q28u-1yfw
21
vulnerability VCID-rgq5-458d-1fhg
22
vulnerability VCID-ueyy-v42v-7ydh
23
vulnerability VCID-vve8-f9s9-v7ft
24
vulnerability VCID-wby4-h9ud-1yh5
25
vulnerability VCID-wjby-arfq-buby
26
vulnerability VCID-wwx4-ns21-k3hd
27
vulnerability VCID-wytb-bryq-yqb4
28
vulnerability VCID-xqha-pgc4-3udb
29
vulnerability VCID-yby1-g45r-rugg
30
vulnerability VCID-ykj6-ptd4-7qfs
31
vulnerability VCID-z693-m8fg-63cc
32
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2
aliases CVE-2025-26530, GHSA-4w32-c9g7-27qx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nctp-rev5-puej
27
url VCID-pd2f-4kxt-bkgp
vulnerability_id VCID-pd2f-4kxt-bkgp
summary 
Moodle's feedback response viewing and deletions did not respect Separate Groups mode
Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback
activities.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79976
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:58:41Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79976
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26526
reference_id
reference_type
scores
0
value 0.00381
scoring_system epss
scoring_elements 0.59843
published_at 2026-06-08T12:55:00Z
1
value 0.00381
scoring_system epss
scoring_elements 0.59868
published_at 2026-06-05T12:55:00Z
2
value 0.00381
scoring_system epss
scoring_elements 0.59871
published_at 2026-06-06T12:55:00Z
3
value 0.00381
scoring_system epss
scoring_elements 0.59862
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26526
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=466142
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:58:41Z/
url https://moodle.org/mod/forum/discuss.php?d=466142
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26526
reference_id CVE-2025-26526
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26526
5
reference_url https://github.com/advisories/GHSA-pxg4-xjp7-w9c5
reference_id GHSA-pxg4-xjp7-w9c5
reference_type
scores
url https://github.com/advisories/GHSA-pxg4-xjp7-w9c5
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.2
purl pkg:composer/moodle/moodle@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-1wup-hjxg-f7g4
3
vulnerability VCID-29mv-feyq-guew
4
vulnerability VCID-3m96-nmxm-tfgz
5
vulnerability VCID-3yre-ft3n-2fd3
6
vulnerability VCID-44zf-1dw7-qkf5
7
vulnerability VCID-4zvp-nmrk-4qbq
8
vulnerability VCID-5snb-dyv3-efe9
9
vulnerability VCID-5xhb-mx3v-fuhs
10
vulnerability VCID-61ry-zz34-8qhj
11
vulnerability VCID-657g-68tv-dkam
12
vulnerability VCID-7trf-g8dq-tua1
13
vulnerability VCID-dky9-v96e-pubh
14
vulnerability VCID-dr5e-6s1a-6uas
15
vulnerability VCID-ey6g-spfk-7bcw
16
vulnerability VCID-f1da-1duc-2uhb
17
vulnerability VCID-ffp4-23na-rkgr
18
vulnerability VCID-hufb-p6pa-63c9
19
vulnerability VCID-j3ts-5ghc-4qct
20
vulnerability VCID-m2a7-q28u-1yfw
21
vulnerability VCID-rgq5-458d-1fhg
22
vulnerability VCID-ueyy-v42v-7ydh
23
vulnerability VCID-vve8-f9s9-v7ft
24
vulnerability VCID-wby4-h9ud-1yh5
25
vulnerability VCID-wjby-arfq-buby
26
vulnerability VCID-wwx4-ns21-k3hd
27
vulnerability VCID-wytb-bryq-yqb4
28
vulnerability VCID-xqha-pgc4-3udb
29
vulnerability VCID-yby1-g45r-rugg
30
vulnerability VCID-ykj6-ptd4-7qfs
31
vulnerability VCID-z693-m8fg-63cc
32
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2
aliases CVE-2025-26526, GHSA-pxg4-xjp7-w9c5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pd2f-4kxt-bkgp
28
url VCID-rcr9-z41f-sqbr
vulnerability_id VCID-rcr9-z41f-sqbr
summary 
Moodle's mod_data edit/delete pages pass CSRF token in GET parameter
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-65356
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:02Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-65356
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3637
reference_id
reference_type
scores
0
value 0.00129
scoring_system epss
scoring_elements 0.31883
published_at 2026-06-06T12:55:00Z
1
value 0.00129
scoring_system epss
scoring_elements 0.31915
published_at 2026-06-05T12:55:00Z
2
value 0.00129
scoring_system epss
scoring_elements 0.31845
published_at 2026-06-07T12:55:00Z
3
value 0.00129
scoring_system epss
scoring_elements 0.31811
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3637
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359727
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:02Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359727
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/052007b7324ef24aebe36a876ffa4fa97fac4f81
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/052007b7324ef24aebe36a876ffa4fa97fac4f81
5
reference_url https://moodle.org/mod/forum/discuss.php?d=467599
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=467599
6
reference_url https://access.redhat.com/security/cve/CVE-2025-3637
reference_id CVE-2025-3637
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:02Z/
url https://access.redhat.com/security/cve/CVE-2025-3637
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3637
reference_id CVE-2025-3637
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3637
8
reference_url https://github.com/advisories/GHSA-9vc3-vm42-fjhm
reference_id GHSA-9vc3-vm42-fjhm
reference_type
scores
url https://github.com/advisories/GHSA-9vc3-vm42-fjhm
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3637, GHSA-9vc3-vm42-fjhm
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcr9-z41f-sqbr
29
url VCID-rgq5-458d-1fhg
vulnerability_id VCID-rgq5-458d-1fhg
summary 
Moodle allows unauthenticated REST API user data exposure
A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites where PHP is configured with zend.exception_ignore_args = 'On' or zend.exception_ignore_args = 1 in the relevant php.ini file are NOT affected by this vulnerability. Sites that do not have the zend.exception_ignore_args setting enabled and are using the internal Moodle LMS authentication system are affected by this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32044
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33904
published_at 2026-06-05T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.33918
published_at 2026-06-06T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.33849
published_at 2026-06-08T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.33883
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32044
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2356829
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:37:23Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2356829
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/41917db65e6b3dba3bf3d805a8599e6752655646
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/41917db65e6b3dba3bf3d805a8599e6752655646
4
reference_url https://access.redhat.com/security/cve/CVE-2025-32044
reference_id CVE-2025-32044
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:37:23Z/
url https://access.redhat.com/security/cve/CVE-2025-32044
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32044
reference_id CVE-2025-32044
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32044
6
reference_url https://github.com/advisories/GHSA-345q-9jmq-g9q4
reference_id GHSA-345q-9jmq-g9q4
reference_type
scores
url https://github.com/advisories/GHSA-345q-9jmq-g9q4
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.3
purl pkg:composer/moodle/moodle@4.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-29mv-feyq-guew
3
vulnerability VCID-3m96-nmxm-tfgz
4
vulnerability VCID-3yre-ft3n-2fd3
5
vulnerability VCID-44zf-1dw7-qkf5
6
vulnerability VCID-4zvp-nmrk-4qbq
7
vulnerability VCID-5snb-dyv3-efe9
8
vulnerability VCID-5xhb-mx3v-fuhs
9
vulnerability VCID-61ry-zz34-8qhj
10
vulnerability VCID-657g-68tv-dkam
11
vulnerability VCID-7trf-g8dq-tua1
12
vulnerability VCID-dky9-v96e-pubh
13
vulnerability VCID-dr5e-6s1a-6uas
14
vulnerability VCID-ey6g-spfk-7bcw
15
vulnerability VCID-f1da-1duc-2uhb
16
vulnerability VCID-ffp4-23na-rkgr
17
vulnerability VCID-hufb-p6pa-63c9
18
vulnerability VCID-j3ts-5ghc-4qct
19
vulnerability VCID-m2a7-q28u-1yfw
20
vulnerability VCID-ueyy-v42v-7ydh
21
vulnerability VCID-vve8-f9s9-v7ft
22
vulnerability VCID-wby4-h9ud-1yh5
23
vulnerability VCID-wjby-arfq-buby
24
vulnerability VCID-wwx4-ns21-k3hd
25
vulnerability VCID-wytb-bryq-yqb4
26
vulnerability VCID-xqha-pgc4-3udb
27
vulnerability VCID-yby1-g45r-rugg
28
vulnerability VCID-ykj6-ptd4-7qfs
29
vulnerability VCID-z693-m8fg-63cc
30
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.3
aliases CVE-2025-32044, GHSA-345q-9jmq-g9q4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgq5-458d-1fhg
30
url VCID-sgdq-5ha7-nfh2
vulnerability_id VCID-sgdq-5ha7-nfh2
summary 
Moodle has a stored XSS in ddimageortext question type
The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82896
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T20:03:52Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82896
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26528
reference_id
reference_type
scores
0
value 0.00706
scoring_system epss
scoring_elements 0.72544
published_at 2026-06-08T12:55:00Z
1
value 0.00706
scoring_system epss
scoring_elements 0.72569
published_at 2026-06-05T12:55:00Z
2
value 0.00706
scoring_system epss
scoring_elements 0.72576
published_at 2026-06-06T12:55:00Z
3
value 0.00706
scoring_system epss
scoring_elements 0.72557
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26528
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=466144
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T20:03:52Z/
url https://moodle.org/mod/forum/discuss.php?d=466144
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26528
reference_id CVE-2025-26528
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26528
5
reference_url https://github.com/advisories/GHSA-h697-w4ph-7pcx
reference_id GHSA-h697-w4ph-7pcx
reference_type
scores
url https://github.com/advisories/GHSA-h697-w4ph-7pcx
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.2
purl pkg:composer/moodle/moodle@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-1wup-hjxg-f7g4
3
vulnerability VCID-29mv-feyq-guew
4
vulnerability VCID-3m96-nmxm-tfgz
5
vulnerability VCID-3yre-ft3n-2fd3
6
vulnerability VCID-44zf-1dw7-qkf5
7
vulnerability VCID-4zvp-nmrk-4qbq
8
vulnerability VCID-5snb-dyv3-efe9
9
vulnerability VCID-5xhb-mx3v-fuhs
10
vulnerability VCID-61ry-zz34-8qhj
11
vulnerability VCID-657g-68tv-dkam
12
vulnerability VCID-7trf-g8dq-tua1
13
vulnerability VCID-dky9-v96e-pubh
14
vulnerability VCID-dr5e-6s1a-6uas
15
vulnerability VCID-ey6g-spfk-7bcw
16
vulnerability VCID-f1da-1duc-2uhb
17
vulnerability VCID-ffp4-23na-rkgr
18
vulnerability VCID-hufb-p6pa-63c9
19
vulnerability VCID-j3ts-5ghc-4qct
20
vulnerability VCID-m2a7-q28u-1yfw
21
vulnerability VCID-rgq5-458d-1fhg
22
vulnerability VCID-ueyy-v42v-7ydh
23
vulnerability VCID-vve8-f9s9-v7ft
24
vulnerability VCID-wby4-h9ud-1yh5
25
vulnerability VCID-wjby-arfq-buby
26
vulnerability VCID-wwx4-ns21-k3hd
27
vulnerability VCID-wytb-bryq-yqb4
28
vulnerability VCID-xqha-pgc4-3udb
29
vulnerability VCID-yby1-g45r-rugg
30
vulnerability VCID-ykj6-ptd4-7qfs
31
vulnerability VCID-z693-m8fg-63cc
32
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2
aliases CVE-2025-26528, GHSA-h697-w4ph-7pcx
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgdq-5ha7-nfh2
31
url VCID-ueyy-v42v-7ydh
vulnerability_id VCID-ueyy-v42v-7ydh
summary 
Moodle has reflected Cross-site Scripting risk in policy tool
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3643
reference_id
reference_type
scores
0
value 0.0013
scoring_system epss
scoring_elements 0.32073
published_at 2026-06-06T12:55:00Z
1
value 0.0013
scoring_system epss
scoring_elements 0.32105
published_at 2026-06-05T12:55:00Z
2
value 0.0013
scoring_system epss
scoring_elements 0.32004
published_at 2026-06-08T12:55:00Z
3
value 0.0013
scoring_system epss
scoring_elements 0.32036
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3643
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359742
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:55Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359742
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/ff9bbd6d9e7d6267ce85e6c9afbeb19581f2a85f
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ff9bbd6d9e7d6267ce85e6c9afbeb19581f2a85f
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467604
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:55Z/
url https://moodle.org/mod/forum/discuss.php?d=467604
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3643
reference_id CVE-2025-3643
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:55Z/
url https://access.redhat.com/security/cve/CVE-2025-3643
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3643
reference_id CVE-2025-3643
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3643
7
reference_url https://github.com/advisories/GHSA-hxgg-4qww-85ph
reference_id GHSA-hxgg-4qww-85ph
reference_type
scores
url https://github.com/advisories/GHSA-hxgg-4qww-85ph
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3643, GHSA-hxgg-4qww-85ph
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ueyy-v42v-7ydh
32
url VCID-vve8-f9s9-v7ft
vulnerability_id VCID-vve8-f9s9-v7ft
summary 
Moodle's AJAX section delete does not respect course_can_delete_section()
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3644
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.3883
published_at 2026-06-06T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.38774
published_at 2026-06-08T12:55:00Z
2
value 0.00175
scoring_system epss
scoring_elements 0.38826
published_at 2026-06-05T12:55:00Z
3
value 0.00175
scoring_system epss
scoring_elements 0.38802
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3644
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359745
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359745
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-83994&type=commits
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-83994&type=commits
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467605
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:51Z/
url https://moodle.org/mod/forum/discuss.php?d=467605
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3644
reference_id CVE-2025-3644
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:51Z/
url https://access.redhat.com/security/cve/CVE-2025-3644
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3644
reference_id CVE-2025-3644
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3644
7
reference_url https://github.com/advisories/GHSA-cpm7-mv33-jwf8
reference_id GHSA-cpm7-mv33-jwf8
reference_type
scores
url https://github.com/advisories/GHSA-cpm7-mv33-jwf8
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3644, GHSA-cpm7-mv33-jwf8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vve8-f9s9-v7ft
33
url VCID-wby4-h9ud-1yh5
vulnerability_id VCID-wby4-h9ud-1yh5
summary 
Moodle vulnerable to Cross-site Scripting
A flaw was found in Moodle. This vulnerability, known as Cross-site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67850
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01942
published_at 2026-06-06T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01935
published_at 2026-06-05T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01932
published_at 2026-06-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01919
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67850
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423838
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:48Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423838
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/c85f153068a717a3b28bc122e75154bac99e67e1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/c85f153068a717a3b28bc122e75154bac99e67e1
4
reference_url https://moodle.org/mod/forum/discuss.php?d=471300
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471300
5
reference_url https://access.redhat.com/security/cve/CVE-2025-67850
reference_id CVE-2025-67850
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:48Z/
url https://access.redhat.com/security/cve/CVE-2025-67850
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67850
reference_id CVE-2025-67850
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67850
7
reference_url https://github.com/advisories/GHSA-6mmv-f6c6-v6q8
reference_id GHSA-6mmv-f6c6-v6q8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mmv-f6c6-v6q8
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.8
purl pkg:composer/moodle/moodle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8
1
url pkg:composer/moodle/moodle@5.0.4
purl pkg:composer/moodle/moodle@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4
2
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67850, GHSA-6mmv-f6c6-v6q8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wby4-h9ud-1yh5
34
url VCID-wjby-arfq-buby
vulnerability_id VCID-wjby-arfq-buby
summary 
Moodle reveals student identities through assignment submissions search on anonymous submissions
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3628
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.2913
published_at 2026-06-06T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29163
published_at 2026-06-05T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29062
published_at 2026-06-08T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29096
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3628
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359706
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:14Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359706
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/5c703f7b4944dd0cc940ca20adfd91e6a2d98a66
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/5c703f7b4944dd0cc940ca20adfd91e6a2d98a66
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467595
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=467595
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3628
reference_id CVE-2025-3628
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:14Z/
url https://access.redhat.com/security/cve/CVE-2025-3628
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3628
reference_id CVE-2025-3628
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3628
7
reference_url https://github.com/advisories/GHSA-69m9-rprc-2x7g
reference_id GHSA-69m9-rprc-2x7g
reference_type
scores
url https://github.com/advisories/GHSA-69m9-rprc-2x7g
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3628, GHSA-69m9-rprc-2x7g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjby-arfq-buby
35
url VCID-wwx4-ns21-k3hd
vulnerability_id VCID-wwx4-ns21-k3hd
summary 
Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3640
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.37071
published_at 2026-06-06T12:55:00Z
1
value 0.00163
scoring_system epss
scoring_elements 0.37064
published_at 2026-06-05T12:55:00Z
2
value 0.00163
scoring_system epss
scoring_elements 0.37
published_at 2026-06-08T12:55:00Z
3
value 0.00163
scoring_system epss
scoring_elements 0.37039
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3640
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359734
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:58Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359734
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/64a4311266cbe9a9a942c836931bef224018b77d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/64a4311266cbe9a9a942c836931bef224018b77d
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467601
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:58Z/
url https://moodle.org/mod/forum/discuss.php?d=467601
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3640
reference_id CVE-2025-3640
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:58Z/
url https://access.redhat.com/security/cve/CVE-2025-3640
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3640
reference_id CVE-2025-3640
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3640
7
reference_url https://github.com/advisories/GHSA-6g5x-h5x7-q4mq
reference_id GHSA-6g5x-h5x7-q4mq
reference_type
scores
url https://github.com/advisories/GHSA-6g5x-h5x7-q4mq
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3640, GHSA-6g5x-h5x7-q4mq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwx4-ns21-k3hd
36
url VCID-wytb-bryq-yqb4
vulnerability_id VCID-wytb-bryq-yqb4
summary 
Moodle has a CSRF risk in Brickfield tool's analysis request action
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3638
reference_id
reference_type
scores
0
value 0.00235
scoring_system epss
scoring_elements 0.4654
published_at 2026-06-07T12:55:00Z
1
value 0.00235
scoring_system epss
scoring_elements 0.46514
published_at 2026-06-08T12:55:00Z
2
value 0.00235
scoring_system epss
scoring_elements 0.4656
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3638
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359732
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:51:01Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359732
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/91e6ad43ed2522f9c1c4094e565b5a7e5b348728
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/91e6ad43ed2522f9c1c4094e565b5a7e5b348728
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467600
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:51:01Z/
url https://moodle.org/mod/forum/discuss.php?d=467600
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3638
reference_id CVE-2025-3638
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:51:01Z/
url https://access.redhat.com/security/cve/CVE-2025-3638
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3638
reference_id CVE-2025-3638
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3638
7
reference_url https://github.com/advisories/GHSA-m8qh-hx4c-h9hr
reference_id GHSA-m8qh-hx4c-h9hr
reference_type
scores
url https://github.com/advisories/GHSA-m8qh-hx4c-h9hr
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3638, GHSA-m8qh-hx4c-h9hr
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wytb-bryq-yqb4
37
url VCID-xqha-pgc4-3udb
vulnerability_id VCID-xqha-pgc4-3udb
summary 
Moodle self enrollment available before completing second factor with MFA enabled
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3634
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35209
published_at 2026-06-06T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35193
published_at 2026-06-05T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35137
published_at 2026-06-08T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35172
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3634
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359707
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T14:23:56Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359707
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/b0965139014b459c3cb96e4fff45af4d5e09e261
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/b0965139014b459c3cb96e4fff45af4d5e09e261
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467596
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=467596
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3634
reference_id CVE-2025-3634
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T14:23:56Z/
url https://access.redhat.com/security/cve/CVE-2025-3634
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3634
reference_id CVE-2025-3634
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3634
7
reference_url https://github.com/advisories/GHSA-qhc7-xhc2-7p7w
reference_id GHSA-qhc7-xhc2-7p7w
reference_type
scores
url https://github.com/advisories/GHSA-qhc7-xhc2-7p7w
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3634, GHSA-qhc7-xhc2-7p7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xqha-pgc4-3udb
38
url VCID-yby1-g45r-rugg
vulnerability_id VCID-yby1-g45r-rugg
summary 
Moodle vulnerable to Cross-site Scripting
A flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67855
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11794
published_at 2026-06-06T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.118
published_at 2026-06-05T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11678
published_at 2026-06-08T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.11759
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67855
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423861
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423861
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/0c146aa2612fb6d0544f200a018cb42da75db713
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/0c146aa2612fb6d0544f200a018cb42da75db713
4
reference_url https://moodle.org/mod/forum/discuss.php?d=471305
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471305
5
reference_url https://access.redhat.com/security/cve/CVE-2025-67855
reference_id CVE-2025-67855
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:09Z/
url https://access.redhat.com/security/cve/CVE-2025-67855
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67855
reference_id CVE-2025-67855
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67855
7
reference_url https://github.com/advisories/GHSA-vwhw-vp9v-q9c9
reference_id GHSA-vwhw-vp9v-q9c9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vwhw-vp9v-q9c9
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.8
purl pkg:composer/moodle/moodle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8
1
url pkg:composer/moodle/moodle@5.0.4
purl pkg:composer/moodle/moodle@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4
2
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67855, GHSA-vwhw-vp9v-q9c9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yby1-g45r-rugg
39
url VCID-ykj6-ptd4-7qfs
vulnerability_id VCID-ykj6-ptd4-7qfs
summary 
Moodle affected by a code injection vulnerability
A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67847
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.0898
published_at 2026-06-07T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08933
published_at 2026-06-08T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09
published_at 2026-06-06T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08982
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67847
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=471297#p1892199
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471297#p1892199
3
reference_url https://access.redhat.com/security/cve/CVE-2025-67847
reference_id CVE-2025-67847
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:19Z/
url https://access.redhat.com/security/cve/CVE-2025-67847
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67847
reference_id CVE-2025-67847
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67847
5
reference_url https://github.com/advisories/GHSA-xvmh-25jw-gmmm
reference_id GHSA-xvmh-25jw-gmmm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xvmh-25jw-gmmm
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.8
purl pkg:composer/moodle/moodle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8
1
url pkg:composer/moodle/moodle@5.0.4
purl pkg:composer/moodle/moodle@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4
2
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67847, GHSA-xvmh-25jw-gmmm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykj6-ptd4-7qfs
40
url VCID-z693-m8fg-63cc
vulnerability_id VCID-z693-m8fg-63cc
summary 
Moodle makes some user data available before completing second factor with MFA enabled
A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3627
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.26913
published_at 2026-06-06T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.2682
published_at 2026-06-08T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.26922
published_at 2026-06-05T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.26874
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3627
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359692
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:17Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359692
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-84351&type=commits
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-84351&type=commits
4
reference_url https://moodle.org/mod/forum/discuss.php?d=467594
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=467594
5
reference_url https://access.redhat.com/security/cve/CVE-2025-3627
reference_id CVE-2025-3627
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:17Z/
url https://access.redhat.com/security/cve/CVE-2025-3627
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3627
reference_id CVE-2025-3627
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3627
7
reference_url https://github.com/advisories/GHSA-x45j-jq9q-gf3q
reference_id GHSA-x45j-jq9q-gf3q
reference_type
scores
url https://github.com/advisories/GHSA-x45j-jq9q-gf3q
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3627, GHSA-x45j-jq9q-gf3q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z693-m8fg-63cc
41
url VCID-zjqu-hbpf-9qe1
vulnerability_id VCID-zjqu-hbpf-9qe1
summary 
Moodle has a stored XSS risk in admin live log
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T20:05:38Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26529
reference_id
reference_type
scores
0
value 0.00961
scoring_system epss
scoring_elements 0.76857
published_at 2026-06-08T12:55:00Z
1
value 0.00961
scoring_system epss
scoring_elements 0.7687
published_at 2026-06-05T12:55:00Z
2
value 0.00961
scoring_system epss
scoring_elements 0.76878
published_at 2026-06-06T12:55:00Z
3
value 0.00961
scoring_system epss
scoring_elements 0.76868
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26529
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=466145
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T20:05:38Z/
url https://moodle.org/mod/forum/discuss.php?d=466145
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26529
reference_id CVE-2025-26529
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26529
5
reference_url https://github.com/advisories/GHSA-wr88-x8cm-7cgq
reference_id GHSA-wr88-x8cm-7cgq
reference_type
scores
url https://github.com/advisories/GHSA-wr88-x8cm-7cgq
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.2
purl pkg:composer/moodle/moodle@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17k8-g4xw-b7g9
1
vulnerability VCID-1efm-18zh-w7gm
2
vulnerability VCID-1wup-hjxg-f7g4
3
vulnerability VCID-29mv-feyq-guew
4
vulnerability VCID-3m96-nmxm-tfgz
5
vulnerability VCID-3yre-ft3n-2fd3
6
vulnerability VCID-44zf-1dw7-qkf5
7
vulnerability VCID-4zvp-nmrk-4qbq
8
vulnerability VCID-5snb-dyv3-efe9
9
vulnerability VCID-5xhb-mx3v-fuhs
10
vulnerability VCID-61ry-zz34-8qhj
11
vulnerability VCID-657g-68tv-dkam
12
vulnerability VCID-7trf-g8dq-tua1
13
vulnerability VCID-dky9-v96e-pubh
14
vulnerability VCID-dr5e-6s1a-6uas
15
vulnerability VCID-ey6g-spfk-7bcw
16
vulnerability VCID-f1da-1duc-2uhb
17
vulnerability VCID-ffp4-23na-rkgr
18
vulnerability VCID-hufb-p6pa-63c9
19
vulnerability VCID-j3ts-5ghc-4qct
20
vulnerability VCID-m2a7-q28u-1yfw
21
vulnerability VCID-rgq5-458d-1fhg
22
vulnerability VCID-ueyy-v42v-7ydh
23
vulnerability VCID-vve8-f9s9-v7ft
24
vulnerability VCID-wby4-h9ud-1yh5
25
vulnerability VCID-wjby-arfq-buby
26
vulnerability VCID-wwx4-ns21-k3hd
27
vulnerability VCID-wytb-bryq-yqb4
28
vulnerability VCID-xqha-pgc4-3udb
29
vulnerability VCID-yby1-g45r-rugg
30
vulnerability VCID-ykj6-ptd4-7qfs
31
vulnerability VCID-z693-m8fg-63cc
32
vulnerability VCID-zrjj-atms-8uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2
aliases CVE-2025-26529, GHSA-wr88-x8cm-7cgq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zjqu-hbpf-9qe1
42
url VCID-zrjj-atms-8uf9
vulnerability_id VCID-zrjj-atms-8uf9
summary 
Moodle allows IDOR in RSS block, which allows access to additional RSS feeds
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84499
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:06Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84499
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3636
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27658
published_at 2026-06-06T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.2771
published_at 2026-06-05T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.27621
published_at 2026-06-07T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.27573
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3636
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359726
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:06Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2359726
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/0bd97209ac5e217dbec236c73e4f6fdcaee1c737
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/0bd97209ac5e217dbec236c73e4f6fdcaee1c737
5
reference_url https://moodle.org/mod/forum/discuss.php?d=467598
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=467598
6
reference_url https://access.redhat.com/security/cve/CVE-2025-3636
reference_id CVE-2025-3636
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:06Z/
url https://access.redhat.com/security/cve/CVE-2025-3636
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3636
reference_id CVE-2025-3636
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3636
8
reference_url https://github.com/advisories/GHSA-chmf-m33p-ph8m
reference_id GHSA-chmf-m33p-ph8m
reference_type
scores
url https://github.com/advisories/GHSA-chmf-m33p-ph8m
fixed_packages
0
url pkg:composer/moodle/moodle@4.5.4
purl pkg:composer/moodle/moodle@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1efm-18zh-w7gm
1
vulnerability VCID-3m96-nmxm-tfgz
2
vulnerability VCID-44zf-1dw7-qkf5
3
vulnerability VCID-4zvp-nmrk-4qbq
4
vulnerability VCID-5snb-dyv3-efe9
5
vulnerability VCID-5xhb-mx3v-fuhs
6
vulnerability VCID-61ry-zz34-8qhj
7
vulnerability VCID-657g-68tv-dkam
8
vulnerability VCID-7trf-g8dq-tua1
9
vulnerability VCID-dr5e-6s1a-6uas
10
vulnerability VCID-ey6g-spfk-7bcw
11
vulnerability VCID-f1da-1duc-2uhb
12
vulnerability VCID-hufb-p6pa-63c9
13
vulnerability VCID-j3ts-5ghc-4qct
14
vulnerability VCID-m2a7-q28u-1yfw
15
vulnerability VCID-wby4-h9ud-1yh5
16
vulnerability VCID-yby1-g45r-rugg
17
vulnerability VCID-ykj6-ptd4-7qfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4
aliases CVE-2025-3636, GHSA-chmf-m33p-ph8m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zrjj-atms-8uf9
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.0-beta