In Moodle LMS version 4.0 a medium severity vulnerability CVE-2022-50943 was detected. This vulnerability allows an unauthenticated attacker to execute arbitrary scripts in a user’s browser and potentially steal session cookies (Cross-Site Scripting). This occurs because malicious payloads can be injected through the unescaped “search” parameter in the course/search.php file. There’s no fix available for this issue at the moment. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-50943.
Read more Educational
In Penpot versions prior to 2.13.2 a high severity vulnerability CVE-2026-26202 was detected. This vulnerability allows an authenticated user with team edit permissions to read arbitrary files from the server via the `create-font-variant` RPC endpoint by supplying a local file path, potentially exposing sensitive system files, application secrets, database credentials, and private keys. To address this issue, users should upgrade Penpot to version 2.13.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26202.
Read more Graphic Design
In Moodle version 3.10.3 a high severity vulnerability CVE-2021-47857 was detected. This vulnerability allows attackers to inject malicious JavaScript into the calendar event subtitle (label) field, resulting in persistent cross-site scripting that executes arbitrary code when users view the affected event. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2021-47857.
Read more Educational Newsflash
In Moodle versions 3.x through 3.11.18 a medium severity vulnerability CVE-2025-53021 was detected. This vulnerability allows unauthenticated attackers to hijack user sessions by obtaining and reusing the sesskey parameter within the OAuth2 login flow, resulting in full account takeover, and it affects only unsupported versions maintained by the developer. To address this issue, users should upgrade Moodle to versions 3.11.18 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53021.
Read more Educational
In Moodle version 4.5.0 a low severity vulnerability CVE-2025-26532 was detected. This vulnerability arises from insufficient checks in the glossary restoration process, allowing teachers to bypass trusttext configurations when restoring glossary entries. To address this issue, users should upgrade Moodle to version 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26532.
Read more Educational
In Moodle versions from 4.3.0-beta to 4.5.0-beta a high severity vulnerability CVE-2025-26533 was detected. This vulnerability arises from an SQL injection risk in the module list filter within the course search functionality, allowing attackers to manipulate SQL queries and potentially access sensitive data or compromise the system. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6, 4.3.10, or 4.1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26533.
Read more Educational
In Moodle versions 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier a low severity vulnerability CVE-2025-26531 was detected. This vulnerability arises from insufficient capability checks within the badge management system, allowing attackers to exploit an Insecure Direct Object Reference (IDOR) and disable arbitrary badges. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6, 4.3.10 or 4.1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26531.
Read more Educational
In Moodle versions up to 4.5.2 a medium severity vulnerability CVE-2025-26526 was detected. This vulnerability compromises the integrity of response viewing and deletion in Separate Groups mode within the platform’s feedback module. To address this issue, users should upgrade Moodle to versions 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26526.
Read more Educational
In Moodle versions up to 4.5.2 a medium severity vulnerability CVE-2025-26527 was detected. This vulnerability arises from the improper handling of non-searchable tags, allowing users who should not have access to certain tags to still discover them through the tag search page or the tags block. To address this issue, users should upgrade Moodle to versions 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26527.
Read more Educational