CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

168 matches found

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.4AI score0.83646EPSS

Exploits0References5

CVE•added 2026/04/03 10:4 p.m.•6 views

CVE-2026-34052

CVE-2026-34052 affects the LTI JupyterHub Authenticator used with JupyterHub. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds, with nonces added before signature validation. An attacker who knows a valid consumer key can send...

5.9CVSS5.8AI score0.00018EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/04/03 10:4 p.m.•3 views

CVE-2026-34052

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...

5.9CVSS5.8AI score0.00018EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2026/04/03 9:42 p.m.•3 views

LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a...

5.9CVSS5.9AI score0.00018EPSS

Exploits0References4Affected Software1

Tenable Nessus•added 2026/02/04 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2025-67848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI...

8.1CVSS5.3AI score0.00046EPSS

Exploits0References2

OpenVAS•added 2025/12/22 12:0 a.m.•12 views

Moodle Multiple Vulnerabilities (Dec 2025)

Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...

9.8CVSS5.8AI score0.00049EPSS

Exploits0References10

VulnCheck KEV•added 2025/11/05 12:0 a.m.•4 views

VulnCheck KEV: CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

6.1CVSS7.2AI score0.03402EPSS

In wildExploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2013-4783

Malware in sbrugna...

4.3CVSS6.2AI score0.0025EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2012-3360

Malware in sbrugna...

4.3CVSS6.1AI score0.00295EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-2666