Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / moodle

moodle

629 tracked vulnerabilities.

CVE-2026-26047 MEDIUM

Moodle 4.5.0-4.5.8 and 5.1.0-beta-5.1.1 - Authenticated Denial of Service via TeX Formula Rendering

CVE-2026-26046 HIGH

Moodle TeX Filter - Command Injection

CVE-2026-26045 HIGH

Moodle 4.5.0-4.5.8 and 5.1.0-beta-5.1.1 - Authenticated Remote Code Execution via Backup Restore

CVE-2025-67857 MEDIUM

moodle < 4.1.21 and >= 0 < 4.1.22 - Unauthenticated User Identifier Exposure in Anonymous Assignment Submission URLs

CVE-2025-67856 MEDIUM

Moodle < 4.1.22 - Incorrect Authorization in Badge Awarding Process

CVE-2025-67855 MEDIUM

Moodle < 4.1.22 - Reflected Cross-Site Scripting via Policy Tool Return URL

CVE-2025-67853 HIGH

Moodle < 4.1.22 - Improper Restriction of Excessive Authentication Attempts

CVE-2025-67852 LOW

Moodle < 4.1.22 - Open Redirect via OAuth Login Flow

CVE-2025-67851 MEDIUM

moodle < 4.1.22 - Formula Injection via CSV Export

CVE-2025-67850 HIGH

moodle < 4.1.22 - Stored Cross-Site Scripting in Formula Editor Arithmetic Expression Fields

CVE-2025-67849 HIGH

Moodle 4.5.0-4.5.7 and <4.1.22 - Stored Cross-Site Scripting via AI Prompt Response

CVE-2025-67848 HIGH

Moodle < 4.1.22 - Authentication Bypass via LTI Provider

CVE-2025-67847 HIGH

Moodle 4.1.0-4.1.21 and 5.1.0-beta - Authenticated Remote Code Execution via Restore Interface

CVE-2025-62401 MEDIUM

Moodle 4.1.0-4.1.20 and 5.0.0-beta-5.0.2 - Improper Authorization in Timed Assignment Feature

CVE-2025-62400 MEDIUM

Moodle 4.1.0-4.1.20 and 5.0.0-beta-5.0.2 - Unauthorized Exposure of Hidden Group Names via Calendar Event Creation

CVE-2025-62399 HIGH

Moodle 4.1.0-4.1.20 and 5.0.0-beta-5.0.2 - Brute-Force Attack via Authentication Endpoints

CVE-2025-62398 MEDIUM

Moodle 4.4.0-4.4.10 and 5.0.0-beta-5.0.2 - Authenticated Multi-Factor Authentication Bypass

CVE-2025-62397 MEDIUM

moodle 5.0.0-5.0.3 - Information Disclosure via Invalid Course ID Error Response

CVE-2025-62396 MEDIUM

Moodle 4.5.0-4.5.6 and 5.0.0-beta-5.0.2 - Directory Listing Exposure via Router Error Handling

CVE-2025-62395 MEDIUM

moodle 4.1.0-4.1.20 - Improper Access Control in Cohort Search Web Service

CVE-2025-62394 MEDIUM

Moodle 4.5.0-4.5.6 and 5.0.0-beta-5.0.2 - Incorrect Authorization in Quiz Notification

CVE-2025-62393 MEDIUM

moodle 5.0.0-5.0.3 - Improper Access Control in Course Overview Output

CVE-2025-53021 MEDIUM

Moodle 3.0.0-3.11.18 - Unauthenticated Session Fixation via sesskey Parameter

CVE-2025-34032 MEDIUM NUCLEI

Moodle Jmol Plugin < 6.1 - Reflected Cross-Site Scripting via jsmol.php Data Parameter

CVE-2025-34031 HIGH NUCLEI

Moodle LMS Jmol plugin <6.1 - Path Traversal

Page 1 of 26 Next

Products

moodle 624 Jmol Plugin 2 Moodle LMS 1 saml_authentication 1 virtual_programming_lab 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy