moodle

Top products

The 15 most recently published vulnerabilities affecting moodle.

• CVE-2022-50943Moodle LMS 4.0 Cross-Site Scripting via course search.php6.1May 10, 2026
• CVE-2026-26047Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service6.5Feb 21, 2026
• CVE-2026-26046Moodle: moodle: improper input sanitization in tex filter administration setting7.2Feb 21, 2026
• CVE-2026-26045Moodle: moodle: improper validation in file restore functionality leading to remote code execution7.2Feb 21, 2026
• CVE-2025-67857Moodle: moodle: data exposure of user identifiers in urls4.3Feb 3, 2026
• CVE-2025-67856Moodle: moodle: privilege escalation via incomplete role checks in badge awarding5.4Feb 3, 2026
• CVE-2025-67855Mooodle: mooodle: information disclosure and script execution via reflected cross-site scripting5.4Feb 3, 2026
• CVE-2025-67853Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service7.5Feb 3, 2026
• CVE-2025-67852Moodle: moodle: open redirect vulnerability in oauth login flow allows redirection to malicious sites.3.5Feb 3, 2026
• CVE-2025-67851Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export6.1Feb 3, 2026
• CVE-2025-67850Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor7.3Feb 3, 2026
• CVE-2025-67849Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses7.3Feb 3, 2026
• CVE-2025-67848Moodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized access.8.1Feb 3, 2026
• CVE-2025-67847Moodle: moodle: remote code execution via insufficient restore input validation8.8Jan 23, 2026
• CVE-2021-47857Moodle 3.10.3 - 'label' Persistent Cross Site Scripting7.2Jan 21, 2026