| 0 |
| url |
VCID-17k8-g4xw-b7g9 |
| vulnerability_id |
VCID-17k8-g4xw-b7g9 |
| summary |
Moodle allows IDOR when accessing the cohorts report
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3647, GHSA-34g7-pg9j-pxgp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-17k8-g4xw-b7g9 |
|
| 1 |
| url |
VCID-1efm-18zh-w7gm |
| vulnerability_id |
VCID-1efm-18zh-w7gm |
| summary |
Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-62400, GHSA-422v-w6c5-vq42
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1efm-18zh-w7gm |
|
| 2 |
| url |
VCID-1wup-hjxg-f7g4 |
| vulnerability_id |
VCID-1wup-hjxg-f7g4 |
| summary |
Moodle shows hidden grades to users without permission on some grade reports
A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.3.11 |
| purl |
pkg:composer/moodle/moodle@4.3.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 3 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 4 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 5 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 6 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 7 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 8 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 9 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 10 |
| vulnerability |
VCID-rcr9-z41f-sqbr |
|
| 11 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 12 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 13 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 14 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 15 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 16 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 17 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 18 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.11 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.7 |
| purl |
pkg:composer/moodle/moodle@4.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 3 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 4 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 5 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 6 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 7 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 8 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 9 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 10 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 11 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 12 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 13 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 14 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 15 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 16 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 17 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 18 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 19 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 20 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 21 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 22 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 23 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 24 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 25 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 26 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 27 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.7 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.3 |
| purl |
pkg:composer/moodle/moodle@4.5.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 3 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 6 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 7 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 8 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 9 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 10 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 11 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 12 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 13 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 14 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 15 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 16 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 17 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 18 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 19 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 20 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 21 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 22 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 23 |
| vulnerability |
VCID-wjby-arfq-buby |
|
| 24 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 25 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 26 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 27 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 28 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 29 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 30 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.3 |
|
|
| aliases |
CVE-2025-32045, GHSA-8m7c-hm88-2p97
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1wup-hjxg-f7g4 |
|
| 3 |
| url |
VCID-29mv-feyq-guew |
| vulnerability_id |
VCID-29mv-feyq-guew |
| summary |
Moodle has a CSRF risk in user tours manager that allows tour duplication
A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3635, GHSA-88xj-97gf-7wpq
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-29mv-feyq-guew |
|
| 4 |
| url |
VCID-3yre-ft3n-2fd3 |
| vulnerability_id |
VCID-3yre-ft3n-2fd3 |
| summary |
Moodle has an IDOR in messaging web service which allows access to some user details
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3645, GHSA-pj96-xh2w-fgqx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3yre-ft3n-2fd3 |
|
| 5 |
| url |
VCID-657g-68tv-dkam |
| vulnerability_id |
VCID-657g-68tv-dkam |
| summary |
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-26047, GHSA-cg8j-5cr2-568q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-657g-68tv-dkam |
|
| 6 |
| url |
VCID-6cvg-r9am-wbh5 |
| vulnerability_id |
VCID-6cvg-r9am-wbh5 |
| summary |
Moodle has a SQL injection risk in course search module list filter
An SQL injection risk was identified in the module list filter within course search. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.3.10 |
| purl |
pkg:composer/moodle/moodle@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 6 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 7 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 8 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 9 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 10 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 11 |
| vulnerability |
VCID-rcr9-z41f-sqbr |
|
| 12 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 13 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 14 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 15 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 16 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 18 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 19 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.10 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.6 |
| purl |
pkg:composer/moodle/moodle@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 6 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 7 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 8 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 9 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 10 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 11 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 12 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 13 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 14 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 15 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 16 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 17 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 18 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 19 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 20 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 21 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 22 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 23 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 24 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 25 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 26 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 27 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 28 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.2 |
| purl |
pkg:composer/moodle/moodle@4.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 5 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 6 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 7 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 8 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 9 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 10 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 11 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 12 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 13 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 14 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 15 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 16 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 17 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 18 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 19 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 20 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 21 |
| vulnerability |
VCID-rgq5-458d-1fhg |
|
| 22 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 23 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 24 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 25 |
| vulnerability |
VCID-wjby-arfq-buby |
|
| 26 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 27 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 28 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 29 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 30 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 31 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 32 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2 |
|
|
| aliases |
CVE-2025-26533, GHSA-rg56-94j7-hjx9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6cvg-r9am-wbh5 |
|
| 7 |
| url |
VCID-7trf-g8dq-tua1 |
| vulnerability_id |
VCID-7trf-g8dq-tua1 |
| summary |
Moodle has a time restriction bypass
An issue in Moodle's timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-62401, GHSA-w29j-8phw-ffjf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7trf-g8dq-tua1 |
|
| 8 |
| url |
VCID-8uah-srba-6ubb |
| vulnerability_id |
VCID-8uah-srba-6ubb |
| summary |
Moodle has an IDOR in badges allows disabling of arbitrary badges
Insufficient capability checks made it possible to disable badges a user does not have permission to access. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.3.10 |
| purl |
pkg:composer/moodle/moodle@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 6 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 7 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 8 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 9 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 10 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 11 |
| vulnerability |
VCID-rcr9-z41f-sqbr |
|
| 12 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 13 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 14 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 15 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 16 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 18 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 19 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.10 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.6 |
| purl |
pkg:composer/moodle/moodle@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 6 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 7 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 8 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 9 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 10 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 11 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 12 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 13 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 14 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 15 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 16 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 17 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 18 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 19 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 20 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 21 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 22 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 23 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 24 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 25 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 26 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 27 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 28 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.2 |
| purl |
pkg:composer/moodle/moodle@4.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 5 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 6 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 7 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 8 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 9 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 10 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 11 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 12 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 13 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 14 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 15 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 16 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 17 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 18 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 19 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 20 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 21 |
| vulnerability |
VCID-rgq5-458d-1fhg |
|
| 22 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 23 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 24 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 25 |
| vulnerability |
VCID-wjby-arfq-buby |
|
| 26 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 27 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 28 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 29 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 30 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 31 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 32 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2 |
|
|
| aliases |
CVE-2025-26531, GHSA-g88w-v4cq-qgcp
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8uah-srba-6ubb |
|
| 9 |
| url |
VCID-a1ek-x154-5ydy |
| vulnerability_id |
VCID-a1ek-x154-5ydy |
| summary |
Moodle has an arbitrary file read risk through pdfTeX
Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as
those with TeX Live installed). |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.3.10 |
| purl |
pkg:composer/moodle/moodle@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 6 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 7 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 8 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 9 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 10 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 11 |
| vulnerability |
VCID-rcr9-z41f-sqbr |
|
| 12 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 13 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 14 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 15 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 16 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 18 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 19 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.10 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.6 |
| purl |
pkg:composer/moodle/moodle@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 6 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 7 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 8 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 9 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 10 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 11 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 12 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 13 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 14 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 15 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 16 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 17 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 18 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 19 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 20 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 21 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 22 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 23 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 24 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 25 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 26 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 27 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 28 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.2 |
| purl |
pkg:composer/moodle/moodle@4.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 5 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 6 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 7 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 8 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 9 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 10 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 11 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 12 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 13 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 14 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 15 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 16 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 17 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 18 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 19 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 20 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 21 |
| vulnerability |
VCID-rgq5-458d-1fhg |
|
| 22 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 23 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 24 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 25 |
| vulnerability |
VCID-wjby-arfq-buby |
|
| 26 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 27 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 28 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 29 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 30 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 31 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 32 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2 |
|
|
| aliases |
CVE-2025-26525, GHSA-4hmr-39vp-xfrr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a1ek-x154-5ydy |
|
| 10 |
| url |
VCID-dky9-v96e-pubh |
| vulnerability_id |
VCID-dky9-v96e-pubh |
| summary |
Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3641, GHSA-c8v6-vxhf-wcrr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dky9-v96e-pubh |
|
| 11 |
| url |
VCID-ffp4-23na-rkgr |
| vulnerability_id |
VCID-ffp4-23na-rkgr |
| summary |
Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3642, GHSA-m367-445c-2xqr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ffp4-23na-rkgr |
|
| 12 |
| url |
VCID-gwnb-e3gt-kqcb |
| vulnerability_id |
VCID-gwnb-e3gt-kqcb |
| summary |
Moodle allows teachers to evade trusttext config when restoring glossary entries
Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.3.10 |
| purl |
pkg:composer/moodle/moodle@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 6 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 7 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 8 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 9 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 10 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 11 |
| vulnerability |
VCID-rcr9-z41f-sqbr |
|
| 12 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 13 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 14 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 15 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 16 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 18 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 19 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.10 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.6 |
| purl |
pkg:composer/moodle/moodle@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 6 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 7 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 8 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 9 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 10 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 11 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 12 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 13 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 14 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 15 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 16 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 17 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 18 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 19 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 20 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 21 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 22 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 23 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 24 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 25 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 26 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 27 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 28 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.2 |
| purl |
pkg:composer/moodle/moodle@4.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 5 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 6 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 7 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 8 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 9 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 10 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 11 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 12 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 13 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 14 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 15 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 16 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 17 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 18 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 19 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 20 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 21 |
| vulnerability |
VCID-rgq5-458d-1fhg |
|
| 22 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 23 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 24 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 25 |
| vulnerability |
VCID-wjby-arfq-buby |
|
| 26 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 27 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 28 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 29 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 30 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 31 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 32 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2 |
|
|
| aliases |
CVE-2025-26532, GHSA-cw24-f6fq-7j9v
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gwnb-e3gt-kqcb |
|
| 13 |
| url |
VCID-gzdw-424p-mqfa |
| vulnerability_id |
VCID-gzdw-424p-mqfa |
| summary |
Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block
Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.3.10 |
| purl |
pkg:composer/moodle/moodle@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 6 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 7 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 8 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 9 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 10 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 11 |
| vulnerability |
VCID-rcr9-z41f-sqbr |
|
| 12 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 13 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 14 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 15 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 16 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 18 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 19 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.10 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.6 |
| purl |
pkg:composer/moodle/moodle@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 6 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 7 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 8 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 9 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 10 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 11 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 12 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 13 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 14 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 15 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 16 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 17 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 18 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 19 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 20 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 21 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 22 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 23 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 24 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 25 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 26 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 27 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 28 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.2 |
| purl |
pkg:composer/moodle/moodle@4.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 5 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 6 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 7 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 8 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 9 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 10 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 11 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 12 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 13 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 14 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 15 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 16 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 17 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 18 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 19 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 20 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 21 |
| vulnerability |
VCID-rgq5-458d-1fhg |
|
| 22 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 23 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 24 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 25 |
| vulnerability |
VCID-wjby-arfq-buby |
|
| 26 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 27 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 28 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 29 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 30 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 31 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 32 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2 |
|
|
| aliases |
CVE-2025-26527, GHSA-5r85-6h7f-rg3r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gzdw-424p-mqfa |
|
| 14 |
| url |
VCID-j3ts-5ghc-4qct |
| vulnerability_id |
VCID-j3ts-5ghc-4qct |
| summary |
Moodle has a Remote Code Execution risk via file restore
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-26045, GHSA-ggxq-2mg9-8966
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j3ts-5ghc-4qct |
|
| 15 |
| url |
VCID-m2a7-q28u-1yfw |
| vulnerability_id |
VCID-m2a7-q28u-1yfw |
| summary |
Moodle vulnerable to brute-force password guesses
Moodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-62399, GHSA-m58f-9pvv-8mp2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m2a7-q28u-1yfw |
|
| 16 |
| url |
VCID-nctp-rev5-puej |
| vulnerability_id |
VCID-nctp-rev5-puej |
| summary |
Moodle allows reflected XSS via question bank filter
The question bank filter required additional sanitizing to prevent a reflected XSS risk. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.3.10 |
| purl |
pkg:composer/moodle/moodle@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 6 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 7 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 8 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 9 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 10 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 11 |
| vulnerability |
VCID-rcr9-z41f-sqbr |
|
| 12 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 13 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 14 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 15 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 16 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 18 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 19 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.10 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.6 |
| purl |
pkg:composer/moodle/moodle@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 6 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 7 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 8 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 9 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 10 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 11 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 12 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 13 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 14 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 15 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 16 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 17 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 18 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 19 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 20 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 21 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 22 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 23 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 24 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 25 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 26 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 27 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 28 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.2 |
| purl |
pkg:composer/moodle/moodle@4.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 5 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 6 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 7 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 8 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 9 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 10 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 11 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 12 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 13 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 14 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 15 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 16 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 17 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 18 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 19 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 20 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 21 |
| vulnerability |
VCID-rgq5-458d-1fhg |
|
| 22 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 23 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 24 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 25 |
| vulnerability |
VCID-wjby-arfq-buby |
|
| 26 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 27 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 28 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 29 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 30 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 31 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 32 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2 |
|
|
| aliases |
CVE-2025-26530, GHSA-4w32-c9g7-27qx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nctp-rev5-puej |
|
| 17 |
| url |
VCID-pd2f-4kxt-bkgp |
| vulnerability_id |
VCID-pd2f-4kxt-bkgp |
| summary |
Moodle's feedback response viewing and deletions did not respect Separate Groups mode
Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback
activities. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.3.10 |
| purl |
pkg:composer/moodle/moodle@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 6 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 7 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 8 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 9 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 10 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 11 |
| vulnerability |
VCID-rcr9-z41f-sqbr |
|
| 12 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 13 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 14 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 15 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 16 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 18 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 19 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.10 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.6 |
| purl |
pkg:composer/moodle/moodle@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 6 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 7 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 8 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 9 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 10 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 11 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 12 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 13 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 14 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 15 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 16 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 17 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 18 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 19 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 20 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 21 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 22 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 23 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 24 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 25 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 26 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 27 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 28 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.2 |
| purl |
pkg:composer/moodle/moodle@4.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 5 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 6 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 7 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 8 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 9 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 10 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 11 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 12 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 13 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 14 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 15 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 16 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 17 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 18 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 19 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 20 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 21 |
| vulnerability |
VCID-rgq5-458d-1fhg |
|
| 22 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 23 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 24 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 25 |
| vulnerability |
VCID-wjby-arfq-buby |
|
| 26 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 27 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 28 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 29 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 30 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 31 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 32 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2 |
|
|
| aliases |
CVE-2025-26526, GHSA-pxg4-xjp7-w9c5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pd2f-4kxt-bkgp |
|
| 18 |
| url |
VCID-rcr9-z41f-sqbr |
| vulnerability_id |
VCID-rcr9-z41f-sqbr |
| summary |
Moodle's mod_data edit/delete pages pass CSRF token in GET parameter
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3637, GHSA-9vc3-vm42-fjhm
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rcr9-z41f-sqbr |
|
| 19 |
| url |
VCID-sgdq-5ha7-nfh2 |
| vulnerability_id |
VCID-sgdq-5ha7-nfh2 |
| summary |
Moodle has a stored XSS in ddimageortext question type
The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.3.10 |
| purl |
pkg:composer/moodle/moodle@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 6 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 7 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 8 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 9 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 10 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 11 |
| vulnerability |
VCID-rcr9-z41f-sqbr |
|
| 12 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 13 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 14 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 15 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 16 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 18 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 19 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.10 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.6 |
| purl |
pkg:composer/moodle/moodle@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 6 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 7 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 8 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 9 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 10 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 11 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 12 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 13 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 14 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 15 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 16 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 17 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 18 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 19 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 20 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 21 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 22 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 23 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 24 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 25 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 26 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 27 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 28 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.2 |
| purl |
pkg:composer/moodle/moodle@4.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 5 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 6 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 7 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 8 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 9 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 10 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 11 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 12 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 13 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 14 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 15 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 16 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 17 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 18 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 19 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 20 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 21 |
| vulnerability |
VCID-rgq5-458d-1fhg |
|
| 22 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 23 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 24 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 25 |
| vulnerability |
VCID-wjby-arfq-buby |
|
| 26 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 27 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 28 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 29 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 30 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 31 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 32 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2 |
|
|
| aliases |
CVE-2025-26528, GHSA-h697-w4ph-7pcx
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sgdq-5ha7-nfh2 |
|
| 20 |
| url |
VCID-ueyy-v42v-7ydh |
| vulnerability_id |
VCID-ueyy-v42v-7ydh |
| summary |
Moodle has reflected Cross-site Scripting risk in policy tool
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3643, GHSA-hxgg-4qww-85ph
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ueyy-v42v-7ydh |
|
| 21 |
| url |
VCID-vve8-f9s9-v7ft |
| vulnerability_id |
VCID-vve8-f9s9-v7ft |
| summary |
Moodle's AJAX section delete does not respect course_can_delete_section()
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3644, GHSA-cpm7-mv33-jwf8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vve8-f9s9-v7ft |
|
| 22 |
| url |
VCID-wwx4-ns21-k3hd |
| vulnerability_id |
VCID-wwx4-ns21-k3hd |
| summary |
Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3640, GHSA-6g5x-h5x7-q4mq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wwx4-ns21-k3hd |
|
| 23 |
| url |
VCID-wytb-bryq-yqb4 |
| vulnerability_id |
VCID-wytb-bryq-yqb4 |
| summary |
Moodle has a CSRF risk in Brickfield tool's analysis request action
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2359732 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
1.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:51:01Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2359732 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://moodle.org/mod/forum/discuss.php?d=467600 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
1.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:51:01Z/ |
|
|
| url |
https://moodle.org/mod/forum/discuss.php?d=467600 |
|
| 5 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2025-3638 |
| reference_id |
CVE-2025-3638 |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
1.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:51:01Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2025-3638 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3638, GHSA-m8qh-hx4c-h9hr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wytb-bryq-yqb4 |
|
| 24 |
| url |
VCID-xqha-pgc4-3udb |
| vulnerability_id |
VCID-xqha-pgc4-3udb |
| summary |
Moodle self enrollment available before completing second factor with MFA enabled
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3634, GHSA-qhc7-xhc2-7p7w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xqha-pgc4-3udb |
|
| 25 |
| url |
VCID-ykj6-ptd4-7qfs |
| vulnerability_id |
VCID-ykj6-ptd4-7qfs |
| summary |
Moodle affected by a code injection vulnerability
A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-67847, GHSA-xvmh-25jw-gmmm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ykj6-ptd4-7qfs |
|
| 26 |
| url |
VCID-z693-m8fg-63cc |
| vulnerability_id |
VCID-z693-m8fg-63cc |
| summary |
Moodle makes some user data available before completing second factor with MFA enabled
A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA). |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3627, GHSA-x45j-jq9q-gf3q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z693-m8fg-63cc |
|
| 27 |
| url |
VCID-zjqu-hbpf-9qe1 |
| vulnerability_id |
VCID-zjqu-hbpf-9qe1 |
| summary |
Moodle has a stored XSS risk in admin live log
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.3.10 |
| purl |
pkg:composer/moodle/moodle@4.3.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 6 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 7 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 8 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 9 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 10 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 11 |
| vulnerability |
VCID-rcr9-z41f-sqbr |
|
| 12 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 13 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 14 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 15 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 16 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 18 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 19 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.10 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.6 |
| purl |
pkg:composer/moodle/moodle@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 5 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 6 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 7 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 8 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 9 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 10 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 11 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 12 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 13 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 14 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 15 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 16 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 17 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 18 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 19 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 20 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 21 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 22 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 23 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 24 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 25 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 26 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 27 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 28 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.2 |
| purl |
pkg:composer/moodle/moodle@4.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-17k8-g4xw-b7g9 |
|
| 1 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 2 |
| vulnerability |
VCID-1wup-hjxg-f7g4 |
|
| 3 |
| vulnerability |
VCID-29mv-feyq-guew |
|
| 4 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 5 |
| vulnerability |
VCID-3yre-ft3n-2fd3 |
|
| 6 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 7 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 8 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 9 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 10 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 11 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 12 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 13 |
| vulnerability |
VCID-dky9-v96e-pubh |
|
| 14 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 15 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 16 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 17 |
| vulnerability |
VCID-ffp4-23na-rkgr |
|
| 18 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 19 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 20 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 21 |
| vulnerability |
VCID-rgq5-458d-1fhg |
|
| 22 |
| vulnerability |
VCID-ueyy-v42v-7ydh |
|
| 23 |
| vulnerability |
VCID-vve8-f9s9-v7ft |
|
| 24 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 25 |
| vulnerability |
VCID-wjby-arfq-buby |
|
| 26 |
| vulnerability |
VCID-wwx4-ns21-k3hd |
|
| 27 |
| vulnerability |
VCID-wytb-bryq-yqb4 |
|
| 28 |
| vulnerability |
VCID-xqha-pgc4-3udb |
|
| 29 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 30 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
| 31 |
| vulnerability |
VCID-z693-m8fg-63cc |
|
| 32 |
| vulnerability |
VCID-zrjj-atms-8uf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2 |
|
|
| aliases |
CVE-2025-26529, GHSA-wr88-x8cm-7cgq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zjqu-hbpf-9qe1 |
|
| 28 |
| url |
VCID-zrjj-atms-8uf9 |
| vulnerability_id |
VCID-zrjj-atms-8uf9 |
| summary |
Moodle allows IDOR in RSS block, which allows access to additional RSS feeds
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.4.8 |
| purl |
pkg:composer/moodle/moodle@4.4.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 2 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 3 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 4 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 5 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 6 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 7 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 8 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 9 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 10 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 11 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 12 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 13 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 14 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 15 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@4.5.4 |
| purl |
pkg:composer/moodle/moodle@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1efm-18zh-w7gm |
|
| 1 |
| vulnerability |
VCID-3m96-nmxm-tfgz |
|
| 2 |
| vulnerability |
VCID-44zf-1dw7-qkf5 |
|
| 3 |
| vulnerability |
VCID-4zvp-nmrk-4qbq |
|
| 4 |
| vulnerability |
VCID-5snb-dyv3-efe9 |
|
| 5 |
| vulnerability |
VCID-5xhb-mx3v-fuhs |
|
| 6 |
| vulnerability |
VCID-61ry-zz34-8qhj |
|
| 7 |
| vulnerability |
VCID-657g-68tv-dkam |
|
| 8 |
| vulnerability |
VCID-7trf-g8dq-tua1 |
|
| 9 |
| vulnerability |
VCID-dr5e-6s1a-6uas |
|
| 10 |
| vulnerability |
VCID-ey6g-spfk-7bcw |
|
| 11 |
| vulnerability |
VCID-f1da-1duc-2uhb |
|
| 12 |
| vulnerability |
VCID-hufb-p6pa-63c9 |
|
| 13 |
| vulnerability |
VCID-j3ts-5ghc-4qct |
|
| 14 |
| vulnerability |
VCID-m2a7-q28u-1yfw |
|
| 15 |
| vulnerability |
VCID-wby4-h9ud-1yh5 |
|
| 16 |
| vulnerability |
VCID-yby1-g45r-rugg |
|
| 17 |
| vulnerability |
VCID-ykj6-ptd4-7qfs |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4 |
|
|
| aliases |
CVE-2025-3636, GHSA-chmf-m33p-ph8m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zrjj-atms-8uf9 |
|