Moodle Moodle LMS
Moodle LMS 4.0 Cross-Site Scripting via course search.php

Risk 38
Severity
5.1
First published (updated )

Moodle Moodle 5.2
End of life details

EOL
Oct 4, 2027
Support Ends
Apr 19, 2027
First published (updated )

Moodle Moodle
Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service

Risk 27
Severity
6.5
EPSS
0.07%
First published (updated )

Moodle Moodle
A Denial-of-Service vulnerability exists in Moodle’s TeX formula editor due to missing execution tim…

Risk 19
Severity
4
First published (updated )

Moodle Moodle
Moodle: moodle: improper input sanitization in tex filter administration setting

Risk 49
Severity
7.2
EPSS
0.18%
First published (updated )

Moodle Moodle
Moodle: moodle: improper validation in file restore functionality leading to remote code execution

Risk 49
Severity
7.2
EPSS
0.09%
First published (updated )

Moodle Moodle
A Remote Code Execution vulnerability exists in Moodle’s file restore functionality due to insuffici…

Risk 33
Severity
7
First published (updated )

Moodle Moodle
Moodle: moodle: remote code execution via insufficient restore input validation

Risk 79
Severity
8.8
First published (updated )

Moodle Moodle
Moodle 3.10.3 - 'label' Persistent Cross Site Scripting

Risk 44
Severity
7.2
First published (updated )

Moodle Moodle
Moodle: moodle: data exposure of user identifiers in urls

Risk 27
Severity
5.3
First published (updated )

Moodle Moodle
Moodle: moodle: privilege escalation via incomplete role checks in badge awarding

Risk 86
Severity
9.8
First published (updated )

composer/moodle/moodle
Mooodle: mooodle: information disclosure and script execution via reflected cross-site scripting

Risk 38
Severity
6.1
First published (updated )

composer/moodle/moodle
Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service

Risk 43
Severity
7.5
First published (updated )

Moodle Moodle
Moodle: moodle: open redirect vulnerability in oauth login flow allows redirection to malicious sites.

Risk 38
Severity
6.1
First published (updated )

composer/moodle/moodle
Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export

Risk 68
Severity
7.8
First published (updated )

composer/moodle/moodle
Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor

Risk 54
Severity
7.3
First published (updated )

composer/moodle/moodle
Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses

Risk 54
Severity
7.3
First published (updated )

Moodle Moodle
Moodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized access.

Risk 60
Severity
8.1
First published (updated )

Moodle PDF Annotator plugin
XSS

Risk 34
Severity
5.4
First published (updated )

Moodle OpenAI Chat Block plugin
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference …

Risk 22
Severity
4.3
First published (updated )

Moodle GeniAI plugin
XSS

Risk 70
Severity
8.9
First published (updated )

Moodle Moodle
Moodle: possible to bypass timer in timed assignments

Risk 34
Severity
5.4
First published (updated )

Moodle Moodle
Moodle: hidden group names visible to event creators

Risk 38
Severity
6.5
First published (updated )

Moodle Moodle
Moodle: password brute force risk when mobile/web services enabled

Risk 43
Severity
7.5
First published (updated )

Moodle Moodle
Moodle: possible to bypass mfa

Risk 34
Severity
5.4
First published (updated )

Moodle Moodle
Moodle: router produces json instead of 404 error for invalid course id

Risk 27
Severity
5.3
First published (updated )

Moodle Moodle
Moodle: router (r.php) could expose application directories

Risk 27
Severity
5.3
First published (updated )

Moodle Moodle
Moodle: external cohort search service leaks system cohort data

Risk 22
Severity
4.3
First published (updated )

Moodle Moodle
Moodle: quiz notifications sent to suspended participants

Risk 22
Severity
4.3
First published (updated )

Moodle Moodle
Moodle: course access permissions not properly checked in course_output_fragment_course_overview

Risk 22
Severity
4.3
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203