Moodle

This hub aggregates every CVE we track for Moodle, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Moodle.

• CVE-2022-50943Moodle LMS 4.0 Cross-Site Scripting via course search.php6.1May 10, 2026
• CVE-2025-49514Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной проверкой запросов на стороне сервера, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации8.6Mar 6, 2026
• CVE-2026-26047Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service6.5Feb 21, 2026
• CVE-2026-26046Moodle: moodle: improper input sanitization in tex filter administration setting7.2Feb 21, 2026
• CVE-2026-26045Moodle: moodle: improper validation in file restore functionality leading to remote code execution7.2Feb 21, 2026
• CVE-2025-67857Moodle: moodle: data exposure of user identifiers in urls4.3Feb 3, 2026
• CVE-2025-67856Moodle: moodle: privilege escalation via incomplete role checks in badge awarding5.4Feb 3, 2026
• CVE-2025-67855Mooodle: mooodle: information disclosure and script execution via reflected cross-site scripting5.4Feb 3, 2026
• CVE-2025-67853Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service7.5Feb 3, 2026
• CVE-2025-67852Moodle: moodle: open redirect vulnerability in oauth login flow allows redirection to malicious sites.3.5Feb 3, 2026
• CVE-2025-67851Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export6.1Feb 3, 2026
• CVE-2025-67850Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor7.3Feb 3, 2026
• CVE-2025-67849Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses7.3Feb 3, 2026
• CVE-2025-67848Moodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized access.8.1Feb 3, 2026
• CVE-2025-67847Moodle: moodle: remote code execution via insufficient restore input validation8.8Jan 23, 2026