CVE-2026-30884

mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...

CVE-2026-30884

mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...

CVE-2026-30884 mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key

mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...

EUVD-2026-12745

mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...

CVE-2026-30884

CVE-2026-30884 affects the Moodle plugin mdjnelson/moodle-mod_customcert . Prior to versions 4.4.9 and 5.0.3, a teacher with the mod/customcert:manage capability in any single course can read and silently overwrite certificate elements for other courses. The vulnerability arises because the core_...

CVE-2026-30884 mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key

mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...

CVE-2026-30884

mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...

CVE-2026-30884 mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key

mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...

Moodle PDF Annotator plugin 安全漏洞

Moodle PDF Annotator plugin is an open source teaching plugin for Moodle. A security vulnerability exists in Moodle PDF Annotator plugin version 1.5 release 9, which stems from the public comments feature not properly filtering input and could lead to a stored cross-site scripting attack...

CVE-2025-60507

Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...

CVE-2025-60507

CVE-2025-60507 describes a cross-site scripting vulnerability in Moodle GeniAI plugin (local_geniai) version 2.3.6. An authenticated user with the Teacher role can upload a PDF containing embedded JavaScript. The system outputs a direct HTML link to the uploaded file without sanitization, enablin...

EUVD-2022-33043

Malicious code in bioql PyPI...

EUVD-2022-41728

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-39183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. CVE-2022-39183 Note that Nessus relies on the presence of the package as reported...

CVE-2025-34031

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

VulnCheck KEV: CVE-2025-34032

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary...

CVE-2021-26812

Cross Site Scripting XSS in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application...

CVE-2019-15536

The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via deleterecords...

VPL-JAIL-SYSTEM Security Vulnerability

VPL-JAIL-SYSTEM is a library by the individual developer of jcrodriguez-dis. Provides an execution sandbox for the VPL Moodle plugin. A security vulnerability exists in VPL-JAIL-SYSTEM v4.0.2 and earlier versions, which stems from a path traversal issue...

CVE-2022-39183

Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors...