CVE-2025-67259

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...

Linux Distros Unpatched Vulnerability : CVE-2025-62394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages...

CVE-2025-62394

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

CVE-2025-62393

A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details...

Access Control Bypass

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass in the courseoutputfragmentcourseoverview function. An attacker can gain unauthorized access to limited course information by bypassing access permission checks. Remediation...

EUVD-2025-35672

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

CVE-2025-62394 Moodle: quiz notifications sent to suspended participants

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the course overview output feature not fully enforcing user access...

PT-2025-43442

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description Moodle did not properly check enrolment status when sending notifications about quizzes. This allowed suspended or inactive users to receive quiz-related messages, potentially revealing limite...

EUVD-2012-1191

Malware in sbrugna...

EUVD-2012-1189

Malware in sbrugna...

EUVD-2022-3813

Malicious code in bioql PyPI...

GHSA-FP4H-J22R-VWCV Moodle allows attackers to obtain sensitive course information

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course...

Moodle allows attackers to obtain sensitive course information

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course...

Moodle allows attackers to obtain username and course information

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in 1 notes/index.php and 2 user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a...

Moodle 安全漏洞

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17, which stems from a failure to validate that a requesting...

Design/Logic Flaw

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results...

CVE-2012-1161

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results...

CVE-2015-2270

Moodle is affected by CVE-2015-2270 via lib/moodlelib.php when the theme uses the blocks-regions feature. The issue is present in Moodle versions up to 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4. In these versions, the login-validation process establishes the course sta...