Where
-Infinity
0

Trending

Last week
Last month
Last year

Moodle Moodle LMSA remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default this wa…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2359738

Moodle Moodle LMSA remote code execution risk was identified in the Moodle LMS Dropbox repository. By default this wa…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2359735

Moodle MoodleMoodle: moodle allows course self-enrolment before completing mfa

Risk 16
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2025-3634

Moodle moodleOn certain Moodle sites, it was possible to retrieve user data, including names, contact information…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2356829

Moodle moodle 4.3Reached end of life

EOL
Apr 21, 2025
Support Ends
Oct 7, 2024
First published (updated )
latest-version-moodle-4.3
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Moodle moodle 4.3Reached end of life

EOL
Apr 21, 2025
Support Ends
Oct 7, 2024
First published (updated )
EOL-moodle-4.3

Moodle moodleMoodle: reflected xss via h5p error message

Risk 38
Severity
6.1
First published (updated )
CVE-2024-43439

composer/moodle/moodleMoodle: xss risk when restoring malicious course backup file

Risk 39
Severity
6.1
First published (updated )
CVE-2024-43437

composer/moodle/moodleMoodle: can create global glossary without being admin

Risk 28
Severity
5.3
First published (updated )
CVE-2024-43435

composer/moodle/moodleMoodle: matrix user/power level management not always working as expected with suspended users

Risk 28
Severity
5.3
First published (updated )
CVE-2024-43433
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

composer/moodle/moodleMoodle: authorization headers preserved between "emulated redirects"

Risk 28
Severity
5.3
First published (updated )
CVE-2024-43432

composer/moodle/moodleMoodle: lack of access control when using external methods for quiz overrides

Risk 28
Severity
5.3
First published (updated )
CVE-2024-43430

composer/moodle/moodleMoodle: user information visibility control issues in gradebook reports

Risk 28
Severity
5.3
First published (updated )
CVE-2024-43429

composer/moodle/moodleMoodle: admin presets export tool includes some secrets that should not be exported

Risk 21
Severity
3.7
First published (updated )
CVE-2024-43427

composer/moodle/moodleMoodle: lfi vulnerability when restoring malformed block backups

Risk 45
Severity
7.5
First published (updated )
CVE-2024-43440
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

composer/moodle/moodleMoodle: csrf risk in feedback non-respondents report

Risk 61
Severity
8.1
First published (updated )
CVE-2024-43434

composer/moodle/moodleMoodle: idor in badges allows deletion of arbitrary badges

Risk 45
Severity
7.5
First published (updated )
CVE-2024-43431

composer/moodle/moodleMoodle: cache poisoning via injection into storage

Risk 59
Severity
7.7
First published (updated )
CVE-2024-43428

composer/moodle/moodleMoodle: remote code execution via calculated question types

Risk 92
Severity
8.1
Exploited
First published (updated )
CVE-2024-43425

composer/moodle/moodleMoodle: idor when accessing list of badge recipients

Risk 17
Severity
4.3
EPSS
0.04%
First published (updated )
CVE-2024-48900
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

composer/moodle/moodleMoodle: some users can delete audiences of other reports

Risk 28
Severity
6.5
EPSS
0.05%
First published (updated )
CVE-2024-48898

composer/moodle/moodleMoodle: idor when fetching report schedules

Risk 17
Severity
4.3
EPSS
0.05%
First published (updated )
CVE-2024-48901

composer/moodle/moodleMoodle: users' names returned in messaging error message

Risk 17
Severity
4.3
EPSS
0.05%
First published (updated )
CVE-2024-48896

composer/moodle/moodleMoodle: idor in edit/delete rss feed

Risk 28
Severity
6.5
EPSS
0.05%
First published (updated )
CVE-2024-48897

composer/moodle/moodleMoodle: idor when accessing list of course badges

Risk 17
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2024-48899
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

composer/moodle/moodleMoodle: idor when deleting oauth2 linked accounts

Risk 46
Severity
7.5
First published (updated )
CVE-2024-45690

composer/moodle/moodleMoodle: lesson activity password bypass through php loose comparison

Risk 36
Severity
5.4
First published (updated )
CVE-2024-45691

Moodle moodleMoodle: unprotected access to sensitive information via dynamic tables

Risk 40
Severity
6.5
First published (updated )
CVE-2024-45689

Moodle Virtual Programming LabXSS

Risk 38
Severity
6.1
First published (updated )
CVE-2024-34312

Moodle moodleXSS

Risk 40
Severity
5.5
First published (updated )
CVE-2024-37674
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203