5.4

CVSS3.1

CVE-2025-62398 - Moodle: possible to bypass mfa

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.

πŸ“… Published: Oct. 23, 2025, 11:28 a.m. πŸ”„ Last Modified: Nov. 14, 2025, 7:14 p.m.

5.3

CVSS3.1

CVE-2025-62397 - Moodle: router produces json instead of 404 error for invalid course id

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.

πŸ“… Published: Oct. 23, 2025, 11:28 a.m. πŸ”„ Last Modified: Nov. 14, 2025, 7:19 p.m.

5.3

CVSS3.1

CVE-2025-62396 - Moodle: router (r.php) could expose application directories

An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.

πŸ“… Published: Oct. 23, 2025, 11:28 a.m. πŸ”„ Last Modified: Nov. 14, 2025, 7:21 p.m.

4.3

CVSS3.1

CVE-2025-62394 - Moodle: quiz notifications sent to suspended participants

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information.

πŸ“… Published: Oct. 23, 2025, 11:28 a.m. πŸ”„ Last Modified: Nov. 14, 2025, 7:40 p.m.

4.3

CVSS3.1

CVE-2025-62393 - Moodle: course access permissions not properly checked in course_output_fragment_course_overview

A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.

πŸ“… Published: Oct. 23, 2025, 11:28 a.m. πŸ”„ Last Modified: Nov. 14, 2025, 7:39 p.m.

5.1

CVSS4.0

CVE-2025-10355 - Open redirection vulnerability in MOLGENIS EMX2

Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnerability allows an attacker to create a malicious URL using a manipulated redirection parameter, potentially leading users to phishing sites or other malicious destinations via β€œ/%2f%2f<MALICIOUS_DOMAIN>”.

πŸ“… Published: Oct. 23, 2025, 11:16 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-14011 -

Duplicate.

πŸ“… Published: Oct. 23, 2025, 11:09 a.m. πŸ”„ Last Modified: Oct. 23, 2025, 11:11 a.m.

7.1

CVSS4.0

CVE-2025-41073 - Path Traversal in Gandia Integra Total by TESI

Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the β€œdirestudio” parameter in β€œ/encuest…

πŸ“… Published: Oct. 23, 2025, 10:57 a.m. πŸ”„ Last Modified: Oct. 30, 2025, 4:50 p.m.

5.1

CVSS4.0

CVE-2025-40643 - Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to β€œ/crm/create_job_submit.php”, using the β€œJobCreatedBy” parameter. This vulnerability could allow a remote…

πŸ“… Published: Oct. 23, 2025, 10:46 a.m. πŸ”„ Last Modified: Oct. 31, 2025, 7:36 p.m.

4.8

CVSS4.0

CVE-2025-9981 - Multiple Stored XSS in QuickCMS

QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality (sliders-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. …

πŸ“… Published: Oct. 23, 2025, 9:37 a.m. πŸ”„ Last Modified: Nov. 17, 2025, 3:57 p.m.
Total resulsts: 349182
Page 3303 of 34,919
Β« previous page Β» next page
Filters