Moodle: a management system for online educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,535
CVE-2025-26525
Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).
CVE-2025-26527
Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.

CVE-2025-26526
Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities.

CVE-2025-26531
Insufficient capability checks made it possible to disable badges a user does not have permission to access.

CVE-2025-26528
The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

CVE-2025-26529
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

CVE-2025-26530
The question bank filter required additional sanitizing to prevent a reflected XSS risk.

CVE-2025-26532
Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.
Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2025-26525 Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed). | CVSS3: 8.6 | 0% Low | 7 months ago
CVE-2025-26527 Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block. | CVSS3: 5.3 | 0% Low | 7 months ago
CVE-2025-26526 Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities. | CVSS3: 6.5 | 0% Low | 7 months ago
CVE-2025-26531 Insufficient capability checks made it possible to disable badges a user does not have permission to access. | CVSS3: 3.1 | 0% Low | 7 months ago
CVE-2025-26528 The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk. | CVSS3: 3.4 | 0% Low | 7 months ago
CVE-2025-26529 Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk. | CVSS3: 8.3 | 0% Low | 7 months ago
CVE-2025-26530 The question bank filter required additional sanitizing to prevent a reflected XSS risk. | CVSS3: 8.3 | 0% Low | 7 months ago
CVE-2025-26532 Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored. | CVSS3: 3.1 | 0% Low | 7 months ago