Lucene search
K

129 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:2 a.m.7 views

CVE-2023-27376

Missing authentication in the StudentPopupDetailsStudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...

7.5CVSS7.2AI score0.00695EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:48 a.m.6 views

CVE-2023-27375

Missing authentication in the StudentPopupDetailsContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...

7.5CVSS7.1AI score0.00695EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:48 a.m.4 views

CVE-2023-27257

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers...

7.5CVSS7AI score0.00695EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:48 a.m.3 views

CVE-2023-27259

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers...

7.5CVSS7.1AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:48 a.m.5 views

CVE-2023-26570

Missing authentication in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers...

7.5CVSS7.1AI score0.00695EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:28 a.m.4 views

CVE-2023-27258

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers...

7.5CVSS7.2AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.3 views

CVE-2023-27377

Missing authentication in the StudentPopupDetailsEmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...

7.5CVSS7.1AI score0.00695EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:2 p.m.4 views

CVE-2021-24562

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...

7.5CVSS6.8AI score0.01625EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:39 p.m.10 views

CVE-2021-26227

Cross-site scripting XSS vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to editstud.php...

6.1CVSS6.5AI score0.00872EPSS
Exploits1References1
NVD
NVD
added 2025/05/07 10:15 p.m.13 views

CVE-2025-46826

insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information name and number. However, the issue posed minimal risk, was never exploited, and had limited...

5.3CVSS0.00446EPSS
Exploits0References4
CNVD
CNVD
added 2025/05/07 12:0 a.m.2 views

Moodle Information Disclosure Vulnerability (CNVD-2025-10585)

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive student...

7.1CVSS6.7AI score0.00356EPSS
Exploits0References1
Veracode
Veracode
added 2025/04/30 4:27 a.m.10 views

Unauthorized Access

moodle/moodle is vulnerable to Unauthorized Access. The vulnerability is due to insufficient access control or improper enforcement of two-factor authentication 2FA, which allows an attacker to access sensitive student information before identity verification is complete...

4.3CVSS6.5AI score0.0029EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/04/25 3:15 p.m.11 views

CVE-2025-3625

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication 2FA...

7.1CVSS0.00356EPSS
Exploits0References2
OSV
OSV
added 2025/04/25 3:15 p.m.2 views

UBUNTU-CVE-2025-3625

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication 2FA...

7.1CVSS5.8AI score0.00356EPSS
Exploits0References4
OSV
OSV
added 2025/04/25 3:15 p.m.2 views

UBUNTU-CVE-2025-3627

A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication 2FA...

4.3CVSS5.8AI score0.0029EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/04/22 10:44 p.m.20 views

CVE-2025-3625

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication 2FA...

7.1CVSS6.9AI score0.00356EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.5 views

PT-2025-17908

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A security issue was discovered that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed...

7.5CVSS7.1AI score0.00356EPSS
Exploits0References14
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.5 views

Moodle 安全漏洞

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive student...

7.1CVSS6.4AI score0.00356EPSS
Exploits0References2
NVD
NVD
added 2024/12/09 9:15 a.m.16 views

CVE-2024-12307

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...

4.3CVSS0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/09 8:50 a.m.19 views

CVE-2024-12307 Function-Level Access Control Vulnerability Allows Unauthorized Modification of Student Data in Unifiedtransform

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...

4.3CVSS0.00237EPSS
Exploits0References1
Rows per page
Query Builder