43 matches found
CVE-2026-46824
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...
EUVD-2021-20042
Malware in sbrugna...
EUVD-2007-4900
Malware in sbrugna...
EUVD-2025-4274
Malicious code in bioql PyPI...
EUVD-2022-7134
Malicious code in bioql PyPI...
EUVD-2022-3698
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-40315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A limited SQL injection risk was identified in the browse list of users site administration page. CVE-2022-40315 Note that Nessus relies on the presence of the...
Cross-site Scripting (XSS)
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the site administration live log. Details: Cross-site scripting (XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an...
CVE-2025-26529
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk...
CVE-2025-26529
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk...
UBUNTU-CVE-2025-26529
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk...
CVE-2025-26529 Stored XSS risk in admin live log
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk...
CVE-2025-26529
CVE-2025-26529 affects Moodle. The root cause is how description information is displayed in the site administration live log, which required additional sanitizing to prevent stored XSS. The entry is evidenced across multiple feeds, including a GitHub PoC claiming a Moodle XSS to ...
PT-2025-7686
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 4.5.4-alt1 Description: The issue is a stored Cross-Site Scripting (XSS) risk within the site administration live log. Insufficient sanitization of description information displayed in this log allows for the injection of...
Sensitive Information Exposure
Moodle is vulnerable to Sensitive Information Exposure. The vulnerability is due to sensitive secrets and keys not being excluded from site administration preset exports, potentially leading to unintentional data leaks when presets are shared with third parties...
CVE-2024-43427
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party...
UBUNTU-CVE-2024-43427
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party...
Moodle vulnerable to site administration SQL injection via XMLDB editor
A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators...
PT-2024-8634 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 4.4.2 Description: A flaw was found in Moodle where sensitive secrets and keys are not excluded from the export of site administration presets, potentially leading to unintentional leakage if shared with a third party...
BIT-MOODLE-2020-25629
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier...