Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/950442?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/950442?format=api", "purl": "pkg:composer/moodle/moodle@5.1.0-rc1", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "5.1.0-rc1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.1.2", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49983?format=api", "vulnerability_id": "VCID-44zf-1dw7-qkf5", "summary": "Moodle formula injection vulnerability\nA flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1974", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67851" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423841", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423841" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22" }, { "reference_url": "https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd" }, { "reference_url": "https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471301", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471301" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67851", "reference_id": "CVE-2025-67851", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67851" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67851", "reference_id": "CVE-2025-67851", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67851" }, { "reference_url": "https://github.com/advisories/GHSA-qfh6-h7j6-fvjv", "reference_id": "GHSA-qfh6-h7j6-fvjv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qfh6-h7j6-fvjv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67851", "GHSA-qfh6-h7j6-fvjv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44zf-1dw7-qkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49970?format=api", "vulnerability_id": "VCID-4zvp-nmrk-4qbq", "summary": "Moodle Cross-site Scripting (XSS) vulnerability\nA flaw was found in Moodle. This Cross-site Scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67849", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00697", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67849" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423835", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423835" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471299", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471299" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67849", "reference_id": "CVE-2025-67849", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67849" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67849", "reference_id": "CVE-2025-67849", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67849" }, { "reference_url": "https://github.com/advisories/GHSA-mhf6-pp52-8wqj", "reference_id": "GHSA-mhf6-pp52-8wqj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhf6-pp52-8wqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67849", "GHSA-mhf6-pp52-8wqj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zvp-nmrk-4qbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49974?format=api", "vulnerability_id": "VCID-5snb-dyv3-efe9", "summary": "Moodle Open Redirect vulnerability\nA flaw was found in Moodle. An Open Redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03529", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67852" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423844", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423844" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471302", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471302" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67852", "reference_id": "CVE-2025-67852", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:09Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67852" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67852", "reference_id": "CVE-2025-67852", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67852" }, { "reference_url": "https://github.com/advisories/GHSA-qv78-6gpp-hm68", "reference_id": "GHSA-qv78-6gpp-hm68", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qv78-6gpp-hm68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67852", "GHSA-qv78-6gpp-hm68" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5snb-dyv3-efe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49967?format=api", "vulnerability_id": "VCID-5xhb-mx3v-fuhs", "summary": "Moodle Inserts Sensitive Information Into Sent Data\nA flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06023", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67857" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423868", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423868" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6" }, { "reference_url": "https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471307", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471307" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67857", "reference_id": "CVE-2025-67857", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67857" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67857", "reference_id": "CVE-2025-67857", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67857" }, { "reference_url": "https://github.com/advisories/GHSA-8jrv-wx83-w3xj", "reference_id": "GHSA-8jrv-wx83-w3xj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jrv-wx83-w3xj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67857", "GHSA-8jrv-wx83-w3xj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xhb-mx3v-fuhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49975?format=api", "vulnerability_id": "VCID-61ry-zz34-8qhj", "summary": "Moodle authentication bypass vulnerability\nA flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67848" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423831", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423831" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8" }, { "reference_url": "https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471298", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471298" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67848", "reference_id": "CVE-2025-67848", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67848" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67848", "reference_id": "CVE-2025-67848", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67848" }, { "reference_url": "https://github.com/advisories/GHSA-j5jv-w5cw-j9ff", "reference_id": "GHSA-j5jv-w5cw-j9ff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5jv-w5cw-j9ff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67848", "GHSA-j5jv-w5cw-j9ff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-61ry-zz34-8qhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50291?format=api", "vulnerability_id": "VCID-657g-68tv-dkam", "summary": "Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits\nA Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.262", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26047" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440905", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:29:50Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440905" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=473316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=473316" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-26047", "reference_id": "CVE-2026-26047", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:29:50Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-26047" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26047", "reference_id": "CVE-2026-26047", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26047" }, { "reference_url": "https://github.com/advisories/GHSA-cg8j-5cr2-568q", "reference_id": "GHSA-cg8j-5cr2-568q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg8j-5cr2-568q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74183?format=api", "purl": "pkg:composer/moodle/moodle@5.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.2" } ], "aliases": [ "CVE-2026-26047", "GHSA-cg8j-5cr2-568q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-657g-68tv-dkam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49987?format=api", "vulnerability_id": "VCID-f1da-1duc-2uhb", "summary": "Moodle Affected by Improper Restriction of Excessive Authentication Attempts\nA flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67853", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10917", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67853" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423847", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423847" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471303" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67853", "reference_id": "CVE-2025-67853", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67853" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67853", "reference_id": "CVE-2025-67853", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67853" }, { "reference_url": "https://github.com/advisories/GHSA-5cx4-w4fh-fr57", "reference_id": "GHSA-5cx4-w4fh-fr57", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5cx4-w4fh-fr57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67853", "GHSA-5cx4-w4fh-fr57" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1da-1duc-2uhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49973?format=api", "vulnerability_id": "VCID-hufb-p6pa-63c9", "summary": "Moodle has an authorization logic flaw\nA flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06512", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67856" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423864", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:42:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423864" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471306", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471306" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67856", "reference_id": "CVE-2025-67856", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:42:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67856" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67856", "reference_id": "CVE-2025-67856", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67856" }, { "reference_url": "https://github.com/advisories/GHSA-hcm6-q6pc-xfhm", "reference_id": "GHSA-hcm6-q6pc-xfhm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hcm6-q6pc-xfhm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67856", "GHSA-hcm6-q6pc-xfhm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hufb-p6pa-63c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50289?format=api", "vulnerability_id": "VCID-j3ts-5ghc-4qct", "summary": "Moodle has a Remote Code Execution risk via file restore\nA flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26045", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29587", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26045" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440901", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440901" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=473314", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=473314" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-26045", "reference_id": "CVE-2026-26045", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:33Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-26045" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26045", "reference_id": "CVE-2026-26045", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26045" }, { "reference_url": "https://github.com/advisories/GHSA-ggxq-2mg9-8966", "reference_id": "GHSA-ggxq-2mg9-8966", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ggxq-2mg9-8966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74183?format=api", "purl": "pkg:composer/moodle/moodle@5.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.2" } ], "aliases": [ "CVE-2026-26045", "GHSA-ggxq-2mg9-8966" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j3ts-5ghc-4qct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49969?format=api", "vulnerability_id": "VCID-wby4-h9ud-1yh5", "summary": "Moodle vulnerable to Cross-site Scripting\nA flaw was found in Moodle. This vulnerability, known as Cross-site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01935", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67850" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423838", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:48Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423838" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/c85f153068a717a3b28bc122e75154bac99e67e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/c85f153068a717a3b28bc122e75154bac99e67e1" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471300", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471300" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67850", "reference_id": "CVE-2025-67850", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:48Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67850" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67850", "reference_id": "CVE-2025-67850", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67850" }, { "reference_url": "https://github.com/advisories/GHSA-6mmv-f6c6-v6q8", "reference_id": "GHSA-6mmv-f6c6-v6q8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6mmv-f6c6-v6q8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67850", "GHSA-6mmv-f6c6-v6q8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wby4-h9ud-1yh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49984?format=api", "vulnerability_id": "VCID-yby1-g45r-rugg", "summary": "Moodle vulnerable to Cross-site Scripting\nA flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.118", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423861", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423861" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/0c146aa2612fb6d0544f200a018cb42da75db713", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/0c146aa2612fb6d0544f200a018cb42da75db713" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471305", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471305" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67855", "reference_id": "CVE-2025-67855", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:09Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67855" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67855", "reference_id": "CVE-2025-67855", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67855" }, { "reference_url": "https://github.com/advisories/GHSA-vwhw-vp9v-q9c9", "reference_id": "GHSA-vwhw-vp9v-q9c9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vwhw-vp9v-q9c9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67855", "GHSA-vwhw-vp9v-q9c9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yby1-g45r-rugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49824?format=api", "vulnerability_id": "VCID-ykj6-ptd4-7qfs", "summary": "Moodle affected by a code injection vulnerability\nA flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67847", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08982", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67847" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471297#p1892199", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471297#p1892199" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67847", "reference_id": "CVE-2025-67847", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:19Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67847" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67847", "reference_id": "CVE-2025-67847", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67847" }, { "reference_url": "https://github.com/advisories/GHSA-xvmh-25jw-gmmm", "reference_id": "GHSA-xvmh-25jw-gmmm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvmh-25jw-gmmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67847", "GHSA-xvmh-25jw-gmmm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykj6-ptd4-7qfs" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.0-rc1" }