Lucene search
K

617 matches found

OSV
OSV
added 2025/08/10 11:48 p.m.6 views

BIT-MOODLE-2025-26525 Arbitrary file read risk through pdfTeX

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live installed...

8.6CVSS7AI score0.00409EPSS
Exploits0References3
OSV
OSV
added 2025/08/06 5:49 a.m.2 views

BIT-MOODLE-2024-43426 Moodle: arbitrary file read risk through pdftex

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed...

7.5CVSS6AI score0.00597EPSS
Exploits0References3
OSV
OSV
added 2025/07/04 2:15 p.m.1 views

DEBIAN-CVE-2025-38182

In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device Sanity check the values for queue depth and number of queues we get from userspace when adding a device...

7.8CVSS5.7AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2025/06/09 6:15 a.m.13 views

CVE-2025-3582

The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.0022EPSS
Exploits1References1
OSV
OSV
added 2025/05/31 5:57 a.m.8 views

BIT-MOODLE-2024-34000 moodle: stored XSS in lesson overview report via user ID number

ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk...

4.3CVSS5.6AI score0.00494EPSS
Exploits0References2
OSV
OSV
added 2025/05/31 5:57 a.m.5 views

BIT-MOODLE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php

The referrer URL used by MFA required additional sanitizing, rather than being used directly...

9.8CVSS6.7AI score0.00541EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/27 4:4 a.m.15 views

CVE-2025-48054 Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScri...

8.8CVSS0.00557EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:11 a.m.8 views

CVE-2024-54484

The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data...

5.5CVSS6.3AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:17 a.m.8 views

CVE-2023-41629

A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal...

7.5CVSS7.1AI score0.00694EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.7 views

CVE-2021-32475

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.4CVSS5.6AI score0.00569EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:58 p.m.7 views

CVE-2021-36401

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk...

4.8CVSS5.4AI score0.0053EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:58 p.m.8 views

CVE-2021-36398

In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk...

5.4CVSS5.7AI score0.00516EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/21 9:9 p.m.10 views

CVE-2005-0388

Unknown vulnerability in the remoteping service in remstats 1.0.13 and earlier allows remote attackers to execute arbitrary commands "due to missing input sanitising."...

7.5CVSS7.8AI score0.01924EPSS
Exploits0References1
OSV
OSV
added 2025/04/25 3:31 p.m.11 views

GHSA-HXGG-4QWW-85PH Moodle has reflected Cross-site Scripting risk in policy tool

A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting XSS risk...

5.4CVSS8.2AI score0.00276EPSS
Exploits0References6
NVD
NVD
added 2025/04/25 3:15 p.m.8 views

CVE-2025-3643

A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting XSS risk...

5.4CVSS0.00276EPSS
Exploits0References3
OSV
OSV
added 2025/04/25 2:43 p.m.5 views

CVE-2025-3643 Moodle: reflected xss risk in policy tool

A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting XSS risk...

5.4CVSS6.1AI score0.00276EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/25 2:43 p.m.8 views

CVE-2025-3643 Moodle: reflected xss risk in policy tool

A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting XSS risk...

5.4CVSS6.2AI score0.00276EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/22 1:29 p.m.23 views

CVE-2025-3643

A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting XSS risk...

5.4CVSS6.2AI score0.00276EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.30 views

Moodle 4.0.x < 4.0.7 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.20, 3.11.x prior to 3.11.13, 4.0.x prior to 4.0.7 or 4.1.x prior to 4.1.2. It is, therefore, affected by multiple vulnerabilities. - The course participation report required additional checks to...

9.8CVSS7.5AI score0.01195EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.7 views

Moodle < 4.1.10 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.10, or 4.2.x prior to 4.2.7 or 4.3.x prior to 4.3.3. It is, therefore, affected by multiple vulnerabilities. - Actions in the admin management of analytics models did not include the necessary tok...

8.8CVSS6.3AI score0.00494EPSS
Exploits0References33
Rows per page
Query Builder