Moodle

Moodle

624 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-67856

  • EPSS 0.02%
  • Veröffentlicht 03.02.2026 11:15:55
  • Zuletzt bearbeitet 26.02.2026 22:20:43

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges the...

8.1

CVE-2025-67848

  • EPSS 0.05%
  • Veröffentlicht 03.02.2026 11:15:54
  • Zuletzt bearbeitet 11.02.2026 18:31:20

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user'...

8.8

CVE-2025-67847

  • EPSS 0.04%
  • Veröffentlicht 23.01.2026 04:35:12
  • Zuletzt bearbeitet 05.03.2026 21:00:56

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore rout...

6.1

CVE-2021-47857

Exploit
  • EPSS 0.03%
  • Veröffentlicht 21.01.2026 17:27:39
  • Zuletzt bearbeitet 05.03.2026 19:45:36

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label ...

4.3

CVE-2025-62401

  • EPSS 0.04%
  • Veröffentlicht 23.10.2025 11:29:32
  • Zuletzt bearbeitet 14.11.2025 19:03:27

An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.

4.3

CVE-2025-62395

  • EPSS 0.03%
  • Veröffentlicht 23.10.2025 11:29:29
  • Zuletzt bearbeitet 14.11.2025 19:39:08

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data.

6.5

CVE-2025-62400

  • EPSS 0.04%
  • Veröffentlicht 23.10.2025 11:28:43
  • Zuletzt bearbeitet 14.11.2025 19:07:37

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.

7.5

CVE-2025-62399

  • EPSS 0.08%
  • Veröffentlicht 23.10.2025 11:28:39
  • Zuletzt bearbeitet 14.11.2025 19:09:36

Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.

5.4

CVE-2025-62398

  • EPSS 0.07%
  • Veröffentlicht 23.10.2025 11:28:36
  • Zuletzt bearbeitet 14.11.2025 19:14:07

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.

5.3

CVE-2025-62397

  • EPSS 0.03%
  • Veröffentlicht 23.10.2025 11:28:33
  • Zuletzt bearbeitet 14.11.2025 19:19:30

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.