Skip to main content
CVE-2025-26528 LOW PATCH Monitor

The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2025-26531 LOW PATCH Monitor

Insufficient capability checks made it possible to disable badges a user does not have permission to access. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Moodle
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2025-26532 LOW PATCH Monitor

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Moodle
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-1412 LOW PATCH Monitor

Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Session Fixation Privilege Escalation Mattermost Server
NVD
CVSS 3.1
3.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy