moodle

629 tracked vulnerabilities.

CVE-2024-43425 HIGH NUCLEI
Moodle Remote Code Execution (CVE-2024-43425)
Nov 07, 2024
CVSS 8.1
EPSS 0.89
CVE-2024-34312 MEDIUM
Virtual Programming Lab for Moodle <4.2.3 - XSS
Jun 24, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-37674 MEDIUM
Moodle 3.10 - Cross-Site Scripting via New Activity Name Parameter
Jun 20, 2024
CVSS 5.5
EPSS 0.04
CVE-2024-38277 MEDIUM
Moodle - Inadequate Key Generation for QR and Auto-Login
Jun 18, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-38276 HIGH
Product <Version - CSRF
Jun 18, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-38275 HIGH
Moodle < 4.1.11 and 4.4.0-beta-4.4.1 - Sensitive Information Exposure via cURL Redirect Header Retention
Jun 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-38274 MEDIUM
Moodle - Stored XSS via Calendar Event Titles
Jun 18, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38273 MEDIUM
Moodle 4.1.0-4.1.10 and 4.4.0-beta - Improper Access Control in BigBlueButton Join URL
Jun 18, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-34009 HIGH
Moodle 4.3.0-4.3.3 - Unauthenticated ReCAPTCHA Bypass on Login Page
May 31, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-34008 HIGH
Moodle 4.0-4.3.3 - Cross-Site Request Forgery in Analytics Model Management
May 31, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-34007 HIGH
Moodle 4.3.0-4.3.3 - Cross-Site Request Forgery in MFA Logout
May 31, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-34006 MEDIUM
Moodle < 4.1.10 and 4.3.0-4.3.4 - Cross-Site Scripting in Site Log Report
May 31, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-34005 MEDIUM
moodle <4.1.10 and 4.3.0-4.3.4 - Local File Inclusion via Restored Database Activity Module
May 31, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-34004 MEDIUM
Moodle < 4.1.10 and 4.3.0-4.3.4 - Local File Include via Wiki Module Restore
May 31, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-34003 MEDIUM
Moodle < 4.1.10 and 4.3.0-4.3.4 - Local File Inclusion via Workshop Module Restore
May 31, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-34002 MEDIUM
Moodle < 4.1.10 and 4.3.0-4.3.4 - Local File Include via Feedback Module Restore
May 31, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-34001 HIGH
moodle <4.1.10 and 4.3.0-4.3.4 - Cross-Site Request Forgery in Admin Preset Tool
May 31, 2024
CVSS 8.4
EPSS 0.00
CVE-2024-34000 MEDIUM
Lesson Overview Report < Stored XSS
May 31, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-33999 CRITICAL
Moodle 4.3.0-4.3.4 - Improper Input Validation in MFA Referrer URL
May 31, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-33998 MEDIUM
Moodle - Stored XSS via Participants Page
May 31, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-33997 MEDIUM
Moodle - Stored XSS in Equation Editor
May 31, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-33996 MEDIUM
Calendar Web Service - Info Disclosure
May 31, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-28593 MEDIUM
Moodle 4.3.3 - Unauthenticated HTML Injection in Chat Activity
Mar 22, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29374 MEDIUM
moodle - Cross-Site Scripting via Lang URL Parameter
Mar 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-25983 LOW
moodle 4.1.0-4.1.8 and 4.3.0-4.3.2 - Authorization Bypass in Comments Block Web Service
Feb 19, 2024
CVSS 3.5
EPSS 0.00
Products
moodle 624 Jmol Plugin 2 Moodle LMS 1 saml_authentication 1 virtual_programming_lab 1
Quick Filters
Critical CVEs With Exploits In CISA KEV