moodle

629 tracked vulnerabilities.

CVE-2025-26525 HIGH
Moodle - Arbitrary File Read via TeX Notation Filter
Feb 24, 2025
CVSS 8.6
EPSS 0.00
CVE-2024-48899 MEDIUM
Moodle 4.4.0-4.4.3 - Improper Access Control in Course Badge Listing
Nov 20, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-45691 MEDIUM
Moodle < 4.1.13 - Password Bypass via Loose Comparison in Lesson Activity
Nov 20, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-45690 HIGH
Moodle < 4.1.13 - Incorrect Default Permissions
Nov 20, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-45689 MEDIUM
Moodle < 4.1.13 - Missing Authorization in Dynamic Tables
Nov 20, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-48901 MEDIUM
Moodle < 4.1.14 - Improper Authorization in Report Schedule Access
Nov 18, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-48898 MEDIUM
Moodle < 4.1.14 - Missing Authorization in Audience Deletion
Nov 18, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-48897 MEDIUM
Moodle < 4.1.14 - Improper Authorization in RSS Feed Management
Nov 18, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-48896 MEDIUM
Moodle < 4.1.14 - Unauthorized User Name Disclosure via Messaging Error Message
Nov 18, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-48900 MEDIUM
Moodle 4.4.0-4.4.3 - Exposure of Sensitive Information via Badge Recipient Access Control
Nov 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-43439 MEDIUM
Moodle < 4.1.12 - Reflected Cross-Site Scripting in H5P Error Messages
Nov 11, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-43437 MEDIUM
moodle <4.1.12 and 4.4.0-4.4.2 - Stored Cross-Site Scripting via Malicious Backup File Restore
Nov 11, 2024
CVSS 5.4
EPSS 0.02
CVE-2024-43435 MEDIUM
Moodle < 4.1.12 and 4.4.0-4.4.2 - Insufficient Capability Check in Glossary Restore
Nov 11, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-43433 MEDIUM
Moodle 4.3.0-4.3.5 and 4.4.0-4.4.1 - Incorrect Authorization in Matrix Room Membership
Nov 11, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-43432 MEDIUM
moodle < 4.1.12 and 4.4.0-4.4.2 - Cleartext Transmission of Sensitive Information via cURL Wrapper Redirect
Nov 11, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-43430 MEDIUM
Moodle 4.4.0-4.4.2 - Insufficient Access Control in External API Quiz Access
Nov 11, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-43429 MEDIUM
Moodle < 4.1.12 and 4.4.0-4.4.2 - Unprotected User Data Exposure via Gradebook Reports
Nov 11, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-43427 LOW
moodle <4.1.12 and 4.4.0-4.4.2 - Sensitive Information Exposure in Site Administration Presets Export
Nov 11, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-43440 HIGH
moodle < 4.1.12 - Path Traversal via Block Backup Restore
Nov 07, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-43438 HIGH
Moodle 4.1.0-4.1.11 - Authorization Bypass in Feedback Bulk Messaging
Nov 07, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-43436 HIGH
Moodle < 4.1.12 - Authenticated SQL Injection via XMLDB Editor
Nov 07, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-43434 HIGH
Moodle - Cross-Site Request Forgery in Feedback Module Bulk Message Sending
Nov 07, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-43431 HIGH
Moodle < 4.1.12 - Missing Authorization for Badge Deletion
Nov 07, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-43428 HIGH
Moodle < 4.1.12 - Cache Poisoning via Insufficient Local Storage Validation
Nov 07, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-43426 HIGH
moodle - Arbitrary File Read via TeX Notation Filter
Nov 07, 2024
CVSS 7.5
EPSS 0.01
Products
moodle 624 Jmol Plugin 2 Moodle LMS 1 saml_authentication 1 virtual_programming_lab 1
Quick Filters
Critical CVEs With Exploits In CISA KEV