30 matches found

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-5329

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.3, EPSS 0.00927
Exploits 0, References 5

Tenable Nessus
added 2025/09/10 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-1081

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom...

CVSS 5.3, AI score 6.5, EPSS 0.00927
Exploits 0, References 2

NVD
added 2025/03/19 6:15 a.m., 7 views

CVE-2025-30235

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled...

CVSS 3.5, EPSS 0.00213
Exploits 0, References 2

CNNVD
added 2025/03/19 12:00 a.m., 1 view

Shearwater SecurEnvoy SecurAccess Enrol security vulnerability

Shearwater SecurEnvoy SecurAccess Enrol is a zero-trust security solution from Shearwater SecurEnvoy. A security vulnerability exists in Shearwater SecurEnvoy SecurAccess Enrol versions prior to 9.4.515 that stems from improper handling of concurrent authentication attempts, which could result in...

CVSS 3.5, AI score 6.8, EPSS 0.00213
Exploits 0, References 3

CVE
added 2025/03/19 12:00 a.m., 64 views

CVE-2025-30236

CVE-2025-30236 affects Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515. A POST request containing a SESSION parameter can bypass the password check and authenticate with a six‑digit TOTP code, enabling potential unauthorized access. The CVSS 3.1 base score is 8.6 (HIGH) with network attack...

CVSS 8.6, AI score 7.6, EPSS 0.00197
Exploits 0, References 2

Vulnrichment
added 2025/03/19 12:00 a.m., 7 views

CVE-2025-30235

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled...

CVSS 3.5, AI score 7.3, EPSS 0.00213
Exploits 0, References 2

CNNVD
added 2025/03/19 12:00 a.m., 1 view

Shearwater SecurEnvoy SecurAccess Enrol security vulnerability

Shearwater SecurEnvoy SecurAccess Enrol is a zero-trust security solution from Shearwater SecurEnvoy. A security vulnerability exists in Shearwater SecurEnvoy SecurAccess Enrol versions prior to 9.4.515, which stems from authentication by only a six-digit TOTP code...

CVSS 8.6, AI score 6.9, EPSS 0.00197
Exploits 0, References 3

OSV
added 2022/05/13 1:17 a.m., 12 views

GHSA-V9XQ-VH72-CHR4 Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...

CVSS 5.3, AI score 5, EPSS 0.00927
Exploits 0, References 5

Github Security Blog
added 2022/05/13 1:17 a.m., 14 views

Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...

CVSS 5.3, AI score 6.5, EPSS 0.00927
Exploits 0, References 5, Affected Software 1

OSV
added 2022/05/13 1:12 a.m., 19 views

GHSA-C3VX-V4X8-X894 Moodle does not check for the moodle/course:viewhiddencourses capability

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL...

CVSS 4.3, AI score 5.6, EPSS 0.00283
Exploits 0, References 7

Github Security Blog
added 2022/05/13 1:12 a.m., 22 views

Moodle does not check for the moodle/course:viewhiddencourses capability

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL...

CVSS 4.3, AI score 6.7, EPSS 0.00283
Exploits 0, References 7, Affected Software 1

OSV
added 2022/05/13 1:12 a.m., 13 views

GHSA-GMHR-6F43-7QPJ Moodle does not properly implement group-based access restrictions

The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant...

CVSS 4.3, AI score 5, EPSS 0.00159
Exploits 0, References 7

Malwarebytes
added 2021/10/07 10:12 a.m., 15 views

Google to auto-enrol users, YouTubers into 2SV

Google's announced some changes to how it's helping millions of its users stay safe and secure. The biggest of those changes is that it plans to auto-enrol its users into two-step verification, or 2SV. 2SV adds an extra layer when logging into your account and the additional step happens after you...

AI score 7
Exploits 0

Veracode
added 2020/11/20 5:55 a.m., 18 views

Authorization Bypass

moodle/moodle is vulnerable to authorization bypass. A teacher is able to un-enrol users without permission using course restore...

CVSS 7.5, AI score 3.6, EPSS 0.00701
Exploits 0, References 7, Affected Software 1

OpenVAS
added 2018/05/08 12:00 a.m., 20 views

Moodle 3.x Spam Vulnerability (Mar 2018) - Linux

Unauthenticated users can trigger custom messages to admin via paypal enrol script. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.3, AI score 6.2, EPSS 0.00927
Exploits 0, References 2

OpenVAS
added 2018/05/08 12:00 a.m., 18 views

Moodle 3.x Spam Vulnerability (Mar 2018) - Windows

Unauthenticated users can trigger custom messages to admin via paypal enrol script. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.3, AI score 6.2, EPSS 0.00927
Exploits 0, References 2

UbuntuCve
added 2018/04/04 9:29 p.m., 14 views

CVE-2018-1081

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...

CVSS 5.3, AI score 6.7, EPSS 0.00927
Exploits 0, References 3

Prion
added 2018/04/04 9:29 p.m., 7 views

Design/Logic Flaw

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...

CVSS 5, AI score 5.5, EPSS 0.00927
Exploits 0, References 3, Affected Software 1

CVE
added 2018/04/04 9:00 p.m., 63 views

CVE-2018-1081

A vulnerability (CVE-2018-1081) affects Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to the admin via the PayPal Enrol script; the PayPal IPN callback script should only send error emails to the ...

CVSS 5.3, AI score 5, EPSS 0.00927
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2018/04/02 12:00 a.m., 32 views

FreeBSD : moodle -- multiple vulnerabilities (cdb4d962-34f9-11e8-92db-080027907385)

moodle reports: Unauthenticated users can trigger custom messages to admin via paypal enrol script. Suspended users with OAuth 2 authentication method can still log in to the site. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

CVSS 8.1, AI score 6.7, EPSS 0.01529
Exploits 0, References 4