27 matches found
EUVD-2020-12584
Malware in sbrugna...
EUVD-2022-5805
Malicious code in bioql PyPI...
EUVD-2022-2507
Malicious code in bioql PyPI...
EUVD-2022-0540
Malicious code in bioql PyPI...
EUVD-2022-4000
Malicious code in bioql PyPI...
EUVD-2022-5797
Malicious code in bioql PyPI...
EUVD-2022-2314
Malicious code in bioql PyPI...
EUVD-2022-5643
Malicious code in bioql PyPI...
EUVD-2022-5471
Malicious code in bioql PyPI...
BIT-MOODLE-2025-3638 Moodle: csrf risk in brickfield tool's analysis request action
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery CSRF risk...
Moodle allows IDOR when accessing the cohorts report
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve...
GHSA-345Q-9JMQ-G9Q4 Moodle allows unauthenticated REST API user data exposure
A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites where PHP is configured with zend.exceptionignoreargs = 'On' or...
CVE-2025-3640
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access...
CVE-2025-3647 Moodle: idor when accessing the cohorts report
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve...
CVE-2025-3644 Moodle: ajax section delete does not respect course_can_delete_section()
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify...
CVE-2025-3641
CVE-2025-3641 affects Moodle (Moodle LMS) with a remote code execution risk in the Dropbox repository. By default, this is limited to sites where the Dropbox repository is enabled and accessible only to teachers and managers. The provided metrics indicate a high severity (CVSS 3.1: 8.8, Impact: c...
CVE-2025-3641 Moodle: authenticated remote code execution risk in the moodle lms dropbox repository
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled...
CVE-2025-3638 Moodle: csrf risk in brickfield tool's analysis request action
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery CSRF risk...
PT-2025-17917
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw was found in Moodle, specifically a remote code execution risk in the Moodle LMS EQUELLA repository. This repository is only available to teachers and managers by default on sites where...
PT-2025-17908
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A security issue was discovered that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed...