617 matches found
BIT-MOODLE-2025-26525 Arbitrary file read risk through pdfTeX
Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live installed...
BIT-MOODLE-2024-43426 Moodle: arbitrary file read risk through pdftex
A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed...
DEBIAN-CVE-2025-38182
In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device Sanity check the values for queue depth and number of queues we get from userspace when adding a device...
CVE-2025-3582
The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
BIT-MOODLE-2024-34000 moodle: stored XSS in lesson overview report via user ID number
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk...
BIT-MOODLE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php
The referrer URL used by MFA required additional sanitizing, rather than being used directly...
CVE-2025-48054 Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScri...
CVE-2024-54484
The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data...
CVE-2023-41629
A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal...
CVE-2021-32475
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
CVE-2021-36401
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk...
CVE-2021-36398
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk...
CVE-2005-0388
Unknown vulnerability in the remoteping service in remstats 1.0.13 and earlier allows remote attackers to execute arbitrary commands "due to missing input sanitising."...
GHSA-HXGG-4QWW-85PH Moodle has reflected Cross-site Scripting risk in policy tool
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting XSS risk...
CVE-2025-3643
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting XSS risk...
CVE-2025-3643 Moodle: reflected xss risk in policy tool
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting XSS risk...
CVE-2025-3643 Moodle: reflected xss risk in policy tool
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting XSS risk...
CVE-2025-3643
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting XSS risk...
Moodle 4.0.x < 4.0.7 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.20, 3.11.x prior to 3.11.13, 4.0.x prior to 4.0.7 or 4.1.x prior to 4.1.2. It is, therefore, affected by multiple vulnerabilities. - The course participation report required additional checks to...
Moodle < 4.1.10 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.10, or 4.2.x prior to 4.2.7 or 4.3.x prior to 4.3.3. It is, therefore, affected by multiple vulnerabilities. - Actions in the admin management of analytics models did not include the necessary tok...