Количество 2 470
Количество 2 470
CVE-2024-43428
To address a cache poisoning risk in Moodle, additional validation for local storage was required.
CVE-2024-43428
To address a cache poisoning risk in Moodle, additional validation for ...
CVE-2024-43427
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.
CVE-2024-43427
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.
CVE-2024-43427
A flaw was found in moodle. When creating an export of site administra ...
CVE-2024-43425
A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.
CVE-2024-43425
A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.
CVE-2024-43425
A flaw was found in Moodle. Additional restrictions are required to av ...
CVE-2024-38276
Incorrect CSRF token checks resulted in multiple CSRF risks.
CVE-2024-38276
Incorrect CSRF token checks resulted in multiple CSRF risks.
CVE-2024-38276
Incorrect CSRF token checks resulted in multiple CSRF risks.
CVE-2024-38275
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
CVE-2024-38275
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
CVE-2024-38275
The cURL wrapper in Moodle retained the original request headers when ...
CVE-2024-37674
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
CVE-2024-37674
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
CVE-2024-37674
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote ...
CVE-2024-34009
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.
CVE-2024-34009
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.
CVE-2024-34009
Insufficient checks whether ReCAPTCHA was enabled made it possible to ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-43428 To address a cache poisoning risk in Moodle, additional validation for local storage was required. | CVSS3: 7.7 | 0% Низкий | 8 месяцев назад |
| CVE-2024-43428 To address a cache poisoning risk in Moodle, additional validation for ... | CVSS3: 7.7 | 0% Низкий | 8 месяцев назад |
 | CVE-2024-43427 A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party. | CVSS3: 3.7 | 0% Низкий | 8 месяцев назад |
| CVE-2024-43427 A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party. | CVSS3: 3.7 | 0% Низкий | 8 месяцев назад |
| CVE-2024-43427 A flaw was found in moodle. When creating an export of site administra ... | CVSS3: 3.7 | 0% Низкий | 8 месяцев назад |
| CVE-2024-43425 A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions. | CVSS3: 8.1 | 89% Высокий | 8 месяцев назад |
| CVE-2024-43425 A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions. | CVSS3: 8.1 | 89% Высокий | 8 месяцев назад |
| CVE-2024-43425 A flaw was found in Moodle. Additional restrictions are required to av ... | CVSS3: 8.1 | 89% Высокий | 8 месяцев назад |
| CVE-2024-38276 Incorrect CSRF token checks resulted in multiple CSRF risks. | CVSS3: 8.8 | 0% Низкий | около 1 года назад |
| CVE-2024-38276 Incorrect CSRF token checks resulted in multiple CSRF risks. | CVSS3: 8.8 | 0% Низкий | около 1 года назад |
| CVE-2024-38276 Incorrect CSRF token checks resulted in multiple CSRF risks. | CVSS3: 8.8 | 0% Низкий | около 1 года назад |
| CVE-2024-38275 The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| CVE-2024-38275 The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| CVE-2024-38275 The cURL wrapper in Moodle retained the original request headers when ... | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| CVE-2024-37674 Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. | CVSS3: 5.5 | 0% Низкий | около 1 года назад |
| CVE-2024-37674 Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. | CVSS3: 5.5 | 0% Низкий | около 1 года назад |
| CVE-2024-37674 Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote ... | CVSS3: 5.5 | 0% Низкий | около 1 года назад |
| CVE-2024-34009 Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| CVE-2024-34009 Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| CVE-2024-34009 Insufficient checks whether ReCAPTCHA was enabled made it possible to ... | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу