5 matches found
CVE-2025-65670
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...
BIT-MOODLE-2025-62397 Moodle: router produces json instead of 404 error for invalid course id
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...
CVE-2025-62397
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...
CVE-2025-62397
CVE-2025-62397 describes a router-side issue where responses to invalid course IDs are inconsistent, enabling an attacker to infer which course IDs exist (information disclosure for reconnaissance). The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates network access with low confi...
CVE-2025-62397 Moodle: router produces json instead of 404 error for invalid course id
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...