⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

Create Draft to queue a suggestion for refinement.

Dismiss to remove a suggestion from the queue.

CVE-2025-3636
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 1 week ago
Moodle: idor in moodle rss block allows unauthorized access to rss feeds

A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.

moodle
<4.4.8
<4.1.18
<4.5.4
<4.3.12

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX

pkgs.texlivePackages.moodle.x86_64-linux

Generating Moodle quizzes via LaTeX
Package maintainers: 2
CVE-2025-3627
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 1 week ago
Moodle: partial data exposure in moodle before completing multi-factor authentication

A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).

moodle
<4.4.8
<4.5.4
<4.3.12

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX

pkgs.texlivePackages.moodle.x86_64-linux

Generating Moodle quizzes via LaTeX
Package maintainers: 2
CVE-2025-3638
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Moodle: csrf risk in brickfield tool's analysis request action

A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.

moodle
<4.4.8
<4.1.18
<4.5.4
<4.3.12

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX

pkgs.texlivePackages.moodle.x86_64-linux

Generating Moodle quizzes via LaTeX
Package maintainers: 2
CVE-2025-3641
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago
Moodle: authenticated remote code execution risk in the moodle lms dropbox repository

A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.

moodle
<4.3.12
<4.4.8
<4.1.18
<4.5.4

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX

pkgs.texlivePackages.moodle.x86_64-linux

Generating Moodle quizzes via LaTeX
Package maintainers: 2
CVE-2025-3637
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 1 week ago
Moodle: csrf token exposure via url in moodle mod_data module

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.

moodle
<4.3.12
<4.5.4
<4.4.8
<4.1.18

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX

pkgs.texlivePackages.moodle.x86_64-linux

Generating Moodle quizzes via LaTeX
Package maintainers: 2
CVE-2025-3634
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 1 week ago
Moodle: moodle allows course self-enrolment before completing mfa

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.

moodle
<4.4.8
<4.5.4
<4.3.12

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX

pkgs.texlivePackages.moodle.x86_64-linux

Generating Moodle quizzes via LaTeX
Package maintainers: 2
CVE-2025-3635
3.5 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 1 week ago
Moodle: csrf risk in moodle user tours manager allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.

moodle
<4.4.8
<4.1.18
<4.5.4
<4.3.12

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX

pkgs.texlivePackages.moodle.x86_64-linux

Generating Moodle quizzes via LaTeX
Package maintainers: 2
CVE-2025-3644
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 1 week ago
Moodle: ajax section delete does not respect course_can_delete_section()

A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.

moodle
<4.4.8
<4.1.18
<4.5.4
<4.3.12

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX

pkgs.texlivePackages.moodle.x86_64-linux

Generating Moodle quizzes via LaTeX
Package maintainers: 2
CVE-2025-3628
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 1 week ago
Moodle: moodle assignment submission search leaks anonymous student identities

A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.

moodle
<4.5.4

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX

pkgs.texlivePackages.moodle.x86_64-linux

Generating Moodle quizzes via LaTeX
Package maintainers: 2
CVE-2025-3640
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 1 week ago
Moodle: idor in web service allows users enrolled in a course to access some details of other users

A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.

moodle
<4.3.12
<4.5.4
<4.4.8
<4.1.18

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-linux

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.x86_64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle.aarch64-darwin

Free and open-source learning management system (LMS) written in PHP

pkgs.texlivePackages.moodle

Generating Moodle quizzes via LaTeX

pkgs.texlivePackages.moodle.x86_64-linux

Generating Moodle quizzes via LaTeX
Package maintainers: 2