Vulnerabilities > Moodle > Moodle > 2.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-07 | CVE-2024-43425 | Unspecified vulnerability in Moodle A flaw was found in Moodle. | 8.1 |
| 2024-11-07 | CVE-2024-43428 | Unspecified vulnerability in Moodle To address a cache poisoning risk in Moodle, additional validation for local storage was required. | 7.1 |
| 2024-11-07 | CVE-2024-43431 | Unspecified vulnerability in Moodle A vulnerability was found in Moodle. | 7.5 |
| 2024-11-07 | CVE-2024-43434 | Unspecified vulnerability in Moodle The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability. | 8.1 |
| 2024-11-07 | CVE-2024-43440 | Unspecified vulnerability in Moodle A flaw was found in moodle. | 7.5 |
| 2024-06-18 | CVE-2024-38276 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Incorrect CSRF token checks resulted in multiple CSRF risks. | 8.8 |
| 2024-02-12 | CVE-2024-1439 | Unspecified vulnerability in Moodle Inadequate access control in Moodle LMS. | 3.3 |
| 2023-11-09 | CVE-2023-5539 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the Lesson activity. | 8.8 |
| 2023-11-09 | CVE-2023-5540 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the IMSCP activity. | 8.8 |
| 2023-11-09 | CVE-2023-5545 | Exposure of Resource to Wrong Sphere vulnerability in multiple products H5P metadata automatically populated the author with the user's username, which could be sensitive information. | 5.3 |