moodle

CVE-2025-3647 MEDIUM

Moodle < 4.1.18 - Incorrect Authorization in Cohort Data Access

Apr 25, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-3645 MEDIUM

Moodle < 4.1.18 - Incorrect Authorization in Messaging Web Service

Apr 25, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-3644 MEDIUM

Moodle < 4.1.18 - Incorrect Authorization in Course Section Deletion

Apr 25, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-3643 MEDIUM

Moodle < 4.1.18 - Reflected Cross-Site Scripting in Policy Tool Return URL

Apr 25, 2025

CVSS 5.4

EPSS 0.00

CVE-2025-3642 HIGH

Moodle < 4.1.18 - Authenticated Remote Code Execution via EQUELLA Repository

Apr 25, 2025

CVSS 8.8

EPSS 0.01

CVE-2025-3641 HIGH

Moodle < 4.1.18 - Authenticated Remote Code Execution via Dropbox Repository

Apr 25, 2025

CVSS 8.8

EPSS 0.01

CVE-2025-3640 MEDIUM

Moodle < 4.1.18 - Authorization Bypass via Insufficient Capability Checks

Apr 25, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-3638 HIGH

Moodle < 4.1.18 - Cross-Site Request Forgery in Brickfield Tool Analysis Request

Apr 25, 2025

CVSS 8.8

EPSS 0.00

CVE-2025-3637 LOW

Moodle < 4.3.12 - Sensitive Query String Exposure in mod_data Edit and Delete Pages

Apr 25, 2025

CVSS 3.1

EPSS 0.00

CVE-2025-3636 MEDIUM

Moodle < 4.1.18 - Authorization Bypass via RSS Feed Access

Apr 25, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-3635 LOW

Moodle < 4.1.18 - Unauthenticated Cross-Site Request Forgery

Apr 25, 2025

CVSS 3.5

EPSS 0.00

CVE-2025-3628 MEDIUM

Moodle 4.5.0-4.5.3 - Unauthenticated Exposure of Sensitive Information via Assignment Search

Apr 25, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-3627 MEDIUM

Moodle 4.3.0-4.3.11 - Improper Authentication

Apr 25, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-3625 HIGH

Moodle 4.3.0-4.3.11 - Authorization Bypass via Two-Factor Authentication

Apr 25, 2025

CVSS 7.1

EPSS 0.00

CVE-2025-32045 MEDIUM

Moodle < 4.1.17 - Missing Authorization in Grade Reports

Apr 25, 2025

CVSS 5.3

EPSS 0.00

CVE-2025-32044 HIGH

Moodle 4.5.0-4.5.2 - Unauthenticated Exposure of Sensitive User Data via API Stack Traces

Apr 25, 2025

CVSS 7.5

EPSS 0.00

CVE-2025-3634 MEDIUM

Moodle 4.3.0-4.3.11 - Improper Authentication via Course Enrollment Bypass

Apr 25, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-26533 HIGH

Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - SQL Injection in Course Search Module List Filter

Feb 24, 2025

CVSS 8.1

EPSS 0.00

CVE-2025-26532 LOW

Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Incorrect Authorization in Glossary Entry Restoration

Feb 24, 2025

CVSS 3.1

EPSS 0.00

CVE-2025-26531 LOW

Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Incorrect Authorization in Badge Management

Feb 24, 2025

CVSS 3.1

EPSS 0.00

CVE-2025-26530 HIGH

moodle 4.3.0-4.3.9 and 4.5.0-beta-4.5.1 - Reflected Cross-Site Scripting in Question Bank Filter

Feb 24, 2025

CVSS 8.3

EPSS 0.01

CVE-2025-26529 HIGH

Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Stored Cross-Site Scripting in Site Administration Live Log

Feb 24, 2025

CVSS 8.3

EPSS 0.01

CVE-2025-26528 LOW

Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Stored Cross-Site Scripting in Drag-and-Drop onto Image Question Type

Feb 24, 2025

CVSS 3.4

EPSS 0.01

CVE-2025-26527 MEDIUM

Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Exposure of Sensitive Information via Tag Search

Feb 24, 2025

CVSS 5.3

EPSS 0.00

CVE-2025-26526 MEDIUM

Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Incorrect Authorization in Feedback Activity

Feb 24, 2025

CVSS 6.5

EPSS 0.00