CVE-2016-0724 medium 4.3
4.3
10y ago
Moodle sensitive information disclosure
fedora php
CVE-2015-5342 medium 4.3
4.3
10y ago
Moodle allows attackers to bypass intended access restrictions
php
CVE-2015-5341 medium 4.3
4.3
10y ago
Moodle allows attackers to read SCORM contents
php
CVE-2015-5340 medium 4.3
4.3
10y ago
Moodle sensitive information disclosure
php
CVE-2015-5339 medium 4.3
4.3
10y ago
Moodle does not properly implement group-based access restrictions
php
CVE-2015-5335 medium 4.3
4.3
10y ago
Moodle cross-site request forgery (CSRF) vulnerability
php
CVE-2015-5331 medium 4.3
4.3
10y ago
Moodle improper access control
php
CVE-2015-5268 medium 4.3
4.3
10y ago
Moodle mishandles group-based authorization checks
php
CVE-2015-5265 medium 4.3
4.3
10y ago
Moodle allows attackers to delete files
php
CVE-2015-3176 medium —
4.3
11y ago
Moodle allows attackers obtain full-name information
php
CVE-2015-2270 medium —
4.3
11y ago
Moodle allows attackers to obtain sensitive course information
php
CVE-2014-9059 medium —
4.3
12y ago
Moodle does not provide charset information in HTTP headers
php
CVE-2014-3548 medium —
4.3
12y ago
Moodle multiple cross-site scripting (XSS) vulnerabilities
php
CVE-2014-3547 medium —
4.3
12y ago
Moodle multiple cross-site scripting (XSS) vulnerabilities
php
CVE-2014-3543 medium —
4.3
12y ago
Moodle Arbitrary File Read via XML External Entity vulnerability
php
CVE-2014-3542 medium —
4.3
12y ago
Moodle allows remote attackers to read arbitrary files
php
CVE-2014-0218 medium —
4.3
12y ago
Moodle cross-site scripting (XSS) vulnerability
php
CVE-2014-0217 medium —
4.3
12y ago
Moodle does not check for the moodle/course:viewhiddencourses capability
php
CVE-2013-7341 medium —
4.3
12y ago
Moodle cross-site scripting (XSS) vulnerabilities
php
CVE-2013-4942 medium —
4.3
13y ago
YUI Cross-site Scripting (XSS) vulnerability
npm php
CVE-2013-4941 medium —
4.3
13y ago
YUI Cross-site Scripting (XSS) vulnerability
npm php
CVE-2013-4940 medium —
4.3
13y ago
YUI Cross-site Scripting (XSS) vulnerability
npm php
CVE-2013-2081 medium —
4.3
13y ago
Moodle does not consider "don't send" attributes during hub registration
php
CVE-2011-4286 medium —
4.3
14y ago
Moodle vulnerable to Cross-site Scripting
php
CVE-2011-4282 medium —
4.3
14y ago
Moodle vulnerable to Cross-site Scripting
php
CVE-2011-4280 medium —
4.3
14y ago
Moodle vulnerable to XSS via bundled spikephpcoverage library
php
CVE-2011-4278 medium —
4.3
14y ago
Moodle XSS In Tag Autocomplete functionality
php
CVE-2011-4306 medium —
4.3
14y ago
Moodle XSS Vulnerability
php
CVE-2011-4299 medium —
4.3
14y ago
Moodle vulnerable to Cross-Site Scripting
php
CVE-2010-1619 medium —
4.3
16y ago
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, a…
debian php
CVE-2010-1618 medium —
4.3
16y ago
phpCAS client library and Moodle Cross-site Scripting vulnerability
php
CVE-2010-1614 medium —
4.3
16y ago
Moodle vulnerable to Cross-site Scripting
php
CVE-2015-3181 medium —
4.0
11y ago
Moodle allows attackers to bypass file-management restrictions
php
CVE-2015-3180 medium —
4.0
11y ago
Moodle allows attackers to obtain sensitive course-structure information
php
CVE-2015-2272 medium —
4.0
11y ago
Moodle allows attackers to bypass a forced-password-change requirement
php
CVE-2015-2271 medium —
4.0
11y ago
Moodle does not consider the moodle/tag:flag capability
php
CVE-2015-2267 medium —
4.0
11y ago
Moodle allows attackers to extract archives to arbitrary directories
php
CVE-2015-2266 medium —
4.0
11y ago
Moodle allows attackers to obtain sensitive personal-contact and unread-message-count information
php
CVE-2015-0215 medium —
4.0
11y ago
Moodle allows attackers to obtain sensitive calendar-event information
php
CVE-2015-0214 medium —
4.0
11y ago
Moodle allows attackers to bypass a messaging-disabled setting
php
CVE-2015-0211 medium —
4.0
11y ago
Moodle allows attackers to obtain sensitive information
php
CVE-2014-7846 medium —
4.0
12y ago
Moodle does not consider the moodle/tag:edit capability before adding a tag
php
CVE-2014-7834 medium —
4.0
12y ago
Moodle does not verify group permissions
php
CVE-2014-7833 medium —
4.0
12y ago
Moodle allows attackers to obtain sensitive information
php
CVE-2014-7832 medium —
4.0
12y ago
Moodle allows attackers to bypass the mod/lti:view capability requirement
php
CVE-2014-7831 medium —
4.0
12y ago
Moodle exposes hidden grades to students
php
CVE-2014-3617 medium —
4.0
12y ago
Moodle allows discovery of an author's username
php
CVE-2014-0215 medium —
4.0
12y ago
Moodle Reveals Student Information Meant To Be Anonymous
php
CVE-2014-2572 medium —
4.0
12y ago
Moodle attackers to modify grade metadata
php
CVE-2014-0129 medium —
4.0
12y ago
Moodle allows attackers to modify the visibility of a badge
php
CVE-2014-0124 medium —
4.0
12y ago
Moodle allows attackers to obtain sensitive information
php
CVE-2013-2080 medium —
4.0
13y ago
Moodle is vulnerable to Sensitive Information Disclosure
php
CVE-2013-1834 medium —
4.0
13y ago
Moodle allows remote authenticated users to reassign notes
php
CVE-2013-1832 medium —
4.0
13y ago
Moodle includes the WebDAV password in the configuration form
php
CVE-2012-6099 medium —
4.0
14y ago
Moodle Arbitrary File Read via Backup Functionality
php
CVE-2012-3387 medium —
4.0
14y ago
Moodle Authentication Bypass in File Upload
php
CVE-2012-2356 medium —
4.0
14y ago
Moodle Authentication Bypass in Question-Bank
php
CVE-2012-2353 medium —
4.0
14y ago
Moodle Exposes Sensitive User Information
php
CVE-2011-4292 medium —
4.0
14y ago
Moodle allows remote authenticated users to cause a denial of service (invalid database records)
php
CVE-2011-4291 medium —
4.0
14y ago
Moodle allows remote authenticated users to cause a denial of service (invalid database records)
php
CVE-2011-4289 medium —
4.0
14y ago
Moodle does not recogniz configuration setting that makes e-mail addresses visible only to course members
php
CVE-2010-2230 medium —
4.0
16y ago
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site sc…
debian php
CVE-2010-1617 medium —
4.0
16y ago
Moodle doesn't properly check role
php
CVE-2010-1616 medium —
4.0
16y ago
Moodle is vulnerable to unauthorized new accounts creation
php
CVE-2015-3179 low —
3.5
11y ago
Moodle allows attackers to bypass intended login restrictions
php
CVE-2015-3178 low —
3.5
11y ago
Moodle cross-site scripting (XSS) vulnerability
php
CVE-2015-3174 low —
3.5
11y ago
Moodle does not set the RISK_XSS bit for graders
php
CVE-2015-2273 low —
3.5
11y ago
Moodle cross-site scripting (XSS) vulnerability
php
CVE-2015-2269 low —
3.5
11y ago
Moodle XSS Vulnerability
php
CVE-2015-0216 low —
3.5
11y ago
Moodle does not set the RISK_XSS bit for graders
php
CVE-2015-0212 low —
3.5
11y ago
Moodle cross-site scripting (XSS) vulnerability
php
CVE-2014-7830 low —
3.5
12y ago
Moodle cross-site scripting (XSS) vulnerability
php
CVE-2014-3551 low —
3.5
12y ago
Moodle multiple cross-site scripting (XSS) vulnerabilities
php
CVE-2014-3544 low —
3.5
12y ago
Moodle cross-site scripting (XSS) vulnerability
php
CVE-2014-2571 low —
3.5
12y ago
Moodle cross-site scripting (XSS) vulnerability
php
CVE-2013-1835 low —
3.5
13y ago
Moodle's login_as feature leaks information from external repositories
php
CVE-2013-1833 low —
3.5
13y ago
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
php
CVE-2014-7835 low —
2.1
12y ago
Moodle allows attackers to upload files containing JavaScript
php
CVE-2026-26045 unknown —
—
3mo ago
Moodle has a Remote Code Execution risk via file restore
php
CVE-2026-26047 unknown —
—
3mo ago
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
php
CVE-2025-67852 unknown —
—
4mo ago
Moodle Open Redirect vulnerability
php
CVE-2025-67856 unknown —
—
4mo ago
Moodle has an authorization logic flaw
php
CVE-2025-67853 unknown —
—
4mo ago
Moodle Affected by Improper Restriction of Excessive Authentication Attempts
php
CVE-2025-67857 unknown —
—
4mo ago
Moodle Inserts Sensitive Information Into Sent Data
php
CVE-2025-67855 unknown —
—
4mo ago
Moodle vulnerable to Cross-site Scripting
php
CVE-2025-67851 unknown —
—
4mo ago
Moodle formula injection vulnerability
php
CVE-2025-67849 unknown —
—
4mo ago
Moodle Cross-site Scripting (XSS) vulnerability
php
CVE-2025-67848 unknown —
—
4mo ago
Moodle authentication bypass vulnerability
php
CVE-2025-67850 unknown —
—
4mo ago
Moodle vulnerable to Cross-site Scripting
php
CVE-2025-67847 unknown —
—
4mo ago
Moodle affected by a code injection vulnerability
php
CVE-2025-62401 unknown —
—
7mo ago
Moodle has a time restriction bypass
php
CVE-2025-62398 unknown —
—
7mo ago
Moodle does not properly enforce MFA
php
CVE-2025-62399 unknown —
—
7mo ago
Moodle vulnerable to brute-force password guesses
php
CVE-2025-62400 unknown —
—
7mo ago
Moodle exposed the names of hidden groups to users
php
CVE-2025-62396 unknown —
—
7mo ago
Moodle's error handling leads to sensitive information disclosure
php
CVE-2025-62394 unknown —
—
7mo ago
Moodle sends quiz-related messages to inactive/suspended users
php
CVE-2025-62393 unknown —
—
7mo ago
Moodle course access permissions are not properly checked in course_output_fragment_course_overview
php
CVE-2025-53021 unknown —
—
11mo ago
Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter
php
CVE-2025-3647 unknown —
—
1y ago
Moodle allows IDOR when accessing the cohorts report
php
CVE-2025-3638 unknown —
—
1y ago
Moodle has a CSRF risk in Brickfield tool's analysis request action
php