Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how moodle compares to other vendors in security performance

View Risk Score →

Moodle Moodle LMSMoodle LMS 4.0 Cross-Site Scripting via course search.php

Risk 38
Severity
5.1
First published (updated )
CVE-2022-50943

Moodle MoodleMoodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service

Risk 27
Severity
6.5
EPSS
0.07%
First published (updated )
CVE-2026-26047

Moodle MoodleA Denial-of-Service vulnerability exists in Moodle’s TeX formula editor due to missing execution tim…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2440905

Moodle MoodleMoodle: moodle: data exposure of user identifiers in urls

Risk 27
Severity
5.3
First published (updated )
CVE-2025-67857

composer/moodle/moodleMooodle: mooodle: information disclosure and script execution via reflected cross-site scripting

Risk 38
Severity
6.1
First published (updated )
CVE-2025-67855
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Moodle MoodleMoodle: moodle: open redirect vulnerability in oauth login flow allows redirection to malicious sites.

Risk 38
Severity
6.1
First published (updated )
CVE-2025-67852

Moodle PDF Annotator pluginXSS

Risk 34
Severity
5.4
First published (updated )
CVE-2025-60506

Moodle OpenAI Chat Block pluginMoodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference …

Risk 22
Severity
4.3
First published (updated )
CVE-2025-60511

Moodle MoodleMoodle: possible to bypass timer in timed assignments

Risk 34
Severity
5.4
First published (updated )
CVE-2025-62401

Moodle MoodleMoodle: hidden group names visible to event creators

Risk 38
Severity
6.5
First published (updated )
CVE-2025-62400
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Moodle MoodleMoodle: possible to bypass mfa

Risk 34
Severity
5.4
First published (updated )
CVE-2025-62398

Moodle MoodleMoodle: router produces json instead of 404 error for invalid course id

Risk 27
Severity
5.3
First published (updated )
CVE-2025-62397

Moodle MoodleMoodle: router (r.php) could expose application directories

Risk 27
Severity
5.3
First published (updated )
CVE-2025-62396

Moodle MoodleMoodle: external cohort search service leaks system cohort data

Risk 22
Severity
4.3
First published (updated )
CVE-2025-62395

Moodle MoodleMoodle: quiz notifications sent to suspended participants

Risk 22
Severity
4.3
First published (updated )
CVE-2025-62394
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Moodle MoodleMoodle: course access permissions not properly checked in course_output_fragment_course_overview

Risk 22
Severity
4.3
First published (updated )
CVE-2025-62393

Moodle MoodleInsufficient handling of access control checks in the course_output_fragment_course_overview() funct…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2404426

Moodle LMS Jmol pluginMoodle LMS Jmol Plugin Cross-site Scripting (XSS)

Risk 38
Severity
5.1
First published (updated )
CVE-2025-34032

Moodle MoodleA session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to h…

Risk 21
Severity
4.2
EPSS
0.06%
First published (updated )
CVE-2025-53021

Moodle MoodleMoodle: idor when accessing the cohorts report

Risk 16
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2025-3647
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Moodle MoodleMoodle: idor in messaging web service allows access to some user details

Risk 16
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2025-3645

Moodle MoodleMoodle: ajax section delete does not respect course_can_delete_section()

Risk 16
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2025-3644

Moodle MoodleMoodle: reflected xss risk in policy tool

Risk 25
Severity
5.4
EPSS
0.03%
First published (updated )
CVE-2025-3643

Moodle MoodleMoodle: idor in web service allows users enrolled in a course to access some details of other users

Risk 16
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2025-3640

Moodle MoodleMoodle: idor in moodle rss block allows unauthorized access to rss feeds

Risk 16
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2025-3636
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Moodle MoodleMoodle: moodle allows course self-enrolment before completing mfa

Risk 16
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2025-3634

Moodle MoodleMoodle: moodle assignment submission search leaks anonymous student identities

Risk 16
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2025-3628

Moodle MoodleMoodle: partial data exposure in moodle before completing multi-factor authentication

Risk 16
Severity
4.3
EPSS
0.04%
First published (updated )
CVE-2025-3627

Moodle MoodleMoodle: hidden grades shown to users without permission on some grade reports

Risk 27
Severity
5.3
First published (updated )
CVE-2025-32045

composer/moodle/moodleTeachers can evade trusttext config when restoring glossary entries

Risk 16
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2025-26532
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203