Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 643
CVE-2025-62401
An issue in Moodle\u2019s timed assignment feature allowed students to ...
CVE-2025-62400
Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.
CVE-2025-62400
Moodle exposed the names of hidden groups to users who had permission ...
CVE-2025-62399
Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.
CVE-2025-62399
Moodle\u2019s mobile and web service authentication endpoints did not ...
CVE-2025-62398
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.
CVE-2025-62398
A serious authentication flaw allowed attackers with valid credentials ...
CVE-2025-62397
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.
CVE-2025-62397
The router\u2019s inconsistent response to invalid course IDs allowed ...
CVE-2025-62396
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2025-62401 An issue in Moodle\u2019s timed assignment feature allowed students to ... | CVSS3: 5.4 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-62400 Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information. | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-62400 Moodle exposed the names of hidden groups to users who had permission ... | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-62399 Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks. | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-62399 Moodle\u2019s mobile and web service authentication endpoints did not ... | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-62398 A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts. | CVSS3: 5.4 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-62398 A serious authentication flaw allowed attackers with valid credentials ... | CVSS3: 5.4 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-62397 The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. | CVSS3: 5.3 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-62397 The router\u2019s inconsistent response to invalid course IDs allowed ... | CVSS3: 5.3 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-62396 An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured. | CVSS3: 5.3 | 0% Низкий | около 2 месяцев назад |
Уязвимостей на страницу