{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","type":"composer","namespace":"moodle","name":"moodle","version":"4.4.12","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.5.9","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50291?format=json","vulnerability_id":"VCID-657g-68tv-dkam","summary":"Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits\nA Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26047","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.262","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26047"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440905","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:29:50Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440905"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=473316","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=473316"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-26047","reference_id":"CVE-2026-26047","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:29:50Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-26047"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26047","reference_id":"CVE-2026-26047","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26047"},{"reference_url":"https://github.com/advisories/GHSA-cg8j-5cr2-568q","reference_id":"GHSA-cg8j-5cr2-568q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg8j-5cr2-568q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74185?format=json","purl":"pkg:composer/moodle/moodle@4.5.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.9"},{"url":"http://public2.vulnerablecode.io/api/packages/74184?format=json","purl":"pkg:composer/moodle/moodle@5.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74183?format=json","purl":"pkg:composer/moodle/moodle@5.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.2"}],"aliases":["CVE-2026-26047","GHSA-cg8j-5cr2-568q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-657g-68tv-dkam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50289?format=json","vulnerability_id":"VCID-j3ts-5ghc-4qct","summary":"Moodle has a Remote Code Execution risk via file restore\nA flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26045","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29587","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26045"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440901","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:33Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440901"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=473314","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=473314"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-26045","reference_id":"CVE-2026-26045","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:33Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-26045"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26045","reference_id":"CVE-2026-26045","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26045"},{"reference_url":"https://github.com/advisories/GHSA-ggxq-2mg9-8966","reference_id":"GHSA-ggxq-2mg9-8966","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ggxq-2mg9-8966"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74185?format=json","purl":"pkg:composer/moodle/moodle@4.5.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.9"},{"url":"http://public2.vulnerablecode.io/api/packages/74184?format=json","purl":"pkg:composer/moodle/moodle@5.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74183?format=json","purl":"pkg:composer/moodle/moodle@5.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.2"}],"aliases":["CVE-2026-26045","GHSA-ggxq-2mg9-8966"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j3ts-5ghc-4qct"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49983?format=json","vulnerability_id":"VCID-44zf-1dw7-qkf5","summary":"Moodle formula injection vulnerability\nA flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67851","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1974","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67851"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423841","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423841"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22"},{"reference_url":"https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd"},{"reference_url":"https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=471301","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=471301"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-67851","reference_id":"CVE-2025-67851","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-67851"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67851","reference_id":"CVE-2025-67851","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67851"},{"reference_url":"https://github.com/advisories/GHSA-qfh6-h7j6-fvjv","reference_id":"GHSA-qfh6-h7j6-fvjv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qfh6-h7j6-fvjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73591?format=json","purl":"pkg:composer/moodle/moodle@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73589?format=json","purl":"pkg:composer/moodle/moodle@4.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73588?format=json","purl":"pkg:composer/moodle/moodle@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73587?format=json","purl":"pkg:composer/moodle/moodle@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1"}],"aliases":["CVE-2025-67851","GHSA-qfh6-h7j6-fvjv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44zf-1dw7-qkf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49970?format=json","vulnerability_id":"VCID-4zvp-nmrk-4qbq","summary":"Moodle Cross-site Scripting (XSS) vulnerability\nA flaw was found in Moodle. This Cross-site Scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67849","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00697","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67849"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423835","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423835"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=471299","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=471299"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-67849","reference_id":"CVE-2025-67849","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-67849"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67849","reference_id":"CVE-2025-67849","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67849"},{"reference_url":"https://github.com/advisories/GHSA-mhf6-pp52-8wqj","reference_id":"GHSA-mhf6-pp52-8wqj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhf6-pp52-8wqj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73591?format=json","purl":"pkg:composer/moodle/moodle@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73589?format=json","purl":"pkg:composer/moodle/moodle@4.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73588?format=json","purl":"pkg:composer/moodle/moodle@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73587?format=json","purl":"pkg:composer/moodle/moodle@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1"}],"aliases":["CVE-2025-67849","GHSA-mhf6-pp52-8wqj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zvp-nmrk-4qbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49974?format=json","vulnerability_id":"VCID-5snb-dyv3-efe9","summary":"Moodle Open Redirect vulnerability\nA flaw was found in Moodle. An Open Redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67852","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03529","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67852"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423844","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423844"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=471302","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=471302"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-67852","reference_id":"CVE-2025-67852","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-67852"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67852","reference_id":"CVE-2025-67852","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67852"},{"reference_url":"https://github.com/advisories/GHSA-qv78-6gpp-hm68","reference_id":"GHSA-qv78-6gpp-hm68","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qv78-6gpp-hm68"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73591?format=json","purl":"pkg:composer/moodle/moodle@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73589?format=json","purl":"pkg:composer/moodle/moodle@4.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73588?format=json","purl":"pkg:composer/moodle/moodle@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73587?format=json","purl":"pkg:composer/moodle/moodle@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1"}],"aliases":["CVE-2025-67852","GHSA-qv78-6gpp-hm68"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5snb-dyv3-efe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49967?format=json","vulnerability_id":"VCID-5xhb-mx3v-fuhs","summary":"Moodle Inserts Sensitive Information Into Sent Data\nA flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67857","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06023","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67857"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423868","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423868"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6"},{"reference_url":"https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=471307","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=471307"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-67857","reference_id":"CVE-2025-67857","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-67857"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67857","reference_id":"CVE-2025-67857","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67857"},{"reference_url":"https://github.com/advisories/GHSA-8jrv-wx83-w3xj","reference_id":"GHSA-8jrv-wx83-w3xj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8jrv-wx83-w3xj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73591?format=json","purl":"pkg:composer/moodle/moodle@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73589?format=json","purl":"pkg:composer/moodle/moodle@4.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73588?format=json","purl":"pkg:composer/moodle/moodle@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73587?format=json","purl":"pkg:composer/moodle/moodle@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1"}],"aliases":["CVE-2025-67857","GHSA-8jrv-wx83-w3xj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xhb-mx3v-fuhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49975?format=json","vulnerability_id":"VCID-61ry-zz34-8qhj","summary":"Moodle authentication bypass vulnerability\nA flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67848","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15459","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67848"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423831","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423831"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8"},{"reference_url":"https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=471298","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=471298"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-67848","reference_id":"CVE-2025-67848","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-67848"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67848","reference_id":"CVE-2025-67848","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67848"},{"reference_url":"https://github.com/advisories/GHSA-j5jv-w5cw-j9ff","reference_id":"GHSA-j5jv-w5cw-j9ff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j5jv-w5cw-j9ff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73591?format=json","purl":"pkg:composer/moodle/moodle@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73589?format=json","purl":"pkg:composer/moodle/moodle@4.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73588?format=json","purl":"pkg:composer/moodle/moodle@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73587?format=json","purl":"pkg:composer/moodle/moodle@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1"}],"aliases":["CVE-2025-67848","GHSA-j5jv-w5cw-j9ff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-61ry-zz34-8qhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49987?format=json","vulnerability_id":"VCID-f1da-1duc-2uhb","summary":"Moodle Affected by Improper Restriction of Excessive Authentication Attempts\nA flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67853","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10917","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67853"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423847","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423847"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=471303","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=471303"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-67853","reference_id":"CVE-2025-67853","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-67853"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67853","reference_id":"CVE-2025-67853","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67853"},{"reference_url":"https://github.com/advisories/GHSA-5cx4-w4fh-fr57","reference_id":"GHSA-5cx4-w4fh-fr57","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cx4-w4fh-fr57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73591?format=json","purl":"pkg:composer/moodle/moodle@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73589?format=json","purl":"pkg:composer/moodle/moodle@4.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73588?format=json","purl":"pkg:composer/moodle/moodle@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73587?format=json","purl":"pkg:composer/moodle/moodle@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1"}],"aliases":["CVE-2025-67853","GHSA-5cx4-w4fh-fr57"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f1da-1duc-2uhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49973?format=json","vulnerability_id":"VCID-hufb-p6pa-63c9","summary":"Moodle has an authorization logic flaw\nA flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67856","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06512","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67856"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423864","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:42:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423864"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=471306","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=471306"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-67856","reference_id":"CVE-2025-67856","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:42:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-67856"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67856","reference_id":"CVE-2025-67856","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67856"},{"reference_url":"https://github.com/advisories/GHSA-hcm6-q6pc-xfhm","reference_id":"GHSA-hcm6-q6pc-xfhm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcm6-q6pc-xfhm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73591?format=json","purl":"pkg:composer/moodle/moodle@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73589?format=json","purl":"pkg:composer/moodle/moodle@4.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73588?format=json","purl":"pkg:composer/moodle/moodle@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73587?format=json","purl":"pkg:composer/moodle/moodle@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1"}],"aliases":["CVE-2025-67856","GHSA-hcm6-q6pc-xfhm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hufb-p6pa-63c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49969?format=json","vulnerability_id":"VCID-wby4-h9ud-1yh5","summary":"Moodle vulnerable to Cross-site Scripting\nA flaw was found in Moodle. This vulnerability, known as Cross-site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67850","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01935","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67850"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423838","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:48Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423838"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/c85f153068a717a3b28bc122e75154bac99e67e1","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/c85f153068a717a3b28bc122e75154bac99e67e1"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=471300","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=471300"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-67850","reference_id":"CVE-2025-67850","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:48Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-67850"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67850","reference_id":"CVE-2025-67850","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67850"},{"reference_url":"https://github.com/advisories/GHSA-6mmv-f6c6-v6q8","reference_id":"GHSA-6mmv-f6c6-v6q8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6mmv-f6c6-v6q8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73591?format=json","purl":"pkg:composer/moodle/moodle@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73589?format=json","purl":"pkg:composer/moodle/moodle@4.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73588?format=json","purl":"pkg:composer/moodle/moodle@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73587?format=json","purl":"pkg:composer/moodle/moodle@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1"}],"aliases":["CVE-2025-67850","GHSA-6mmv-f6c6-v6q8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wby4-h9ud-1yh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49984?format=json","vulnerability_id":"VCID-yby1-g45r-rugg","summary":"Moodle vulnerable to Cross-site Scripting\nA flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67855","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.118","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67855"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423861","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423861"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/0c146aa2612fb6d0544f200a018cb42da75db713","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/0c146aa2612fb6d0544f200a018cb42da75db713"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=471305","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=471305"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-67855","reference_id":"CVE-2025-67855","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-67855"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67855","reference_id":"CVE-2025-67855","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67855"},{"reference_url":"https://github.com/advisories/GHSA-vwhw-vp9v-q9c9","reference_id":"GHSA-vwhw-vp9v-q9c9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vwhw-vp9v-q9c9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73591?format=json","purl":"pkg:composer/moodle/moodle@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73589?format=json","purl":"pkg:composer/moodle/moodle@4.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73588?format=json","purl":"pkg:composer/moodle/moodle@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73587?format=json","purl":"pkg:composer/moodle/moodle@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1"}],"aliases":["CVE-2025-67855","GHSA-vwhw-vp9v-q9c9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yby1-g45r-rugg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49824?format=json","vulnerability_id":"VCID-ykj6-ptd4-7qfs","summary":"Moodle affected by a code injection vulnerability\nA flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67847","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08982","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67847"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=471297#p1892199","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=471297#p1892199"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-67847","reference_id":"CVE-2025-67847","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:19Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-67847"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67847","reference_id":"CVE-2025-67847","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67847"},{"reference_url":"https://github.com/advisories/GHSA-xvmh-25jw-gmmm","reference_id":"GHSA-xvmh-25jw-gmmm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvmh-25jw-gmmm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73591?format=json","purl":"pkg:composer/moodle/moodle@4.1.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22"},{"url":"http://public2.vulnerablecode.io/api/packages/73590?format=json","purl":"pkg:composer/moodle/moodle@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73589?format=json","purl":"pkg:composer/moodle/moodle@4.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/73588?format=json","purl":"pkg:composer/moodle/moodle@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73587?format=json","purl":"pkg:composer/moodle/moodle@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-j3ts-5ghc-4qct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1"}],"aliases":["CVE-2025-67847","GHSA-xvmh-25jw-gmmm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykj6-ptd4-7qfs"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12"}