Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-0010

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-20 Jan, 2014 | 11:00
Updated At-06 Aug, 2024 | 08:58
Rejected At-
Credits

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:20 Jan, 2014 | 11:00
Updated At:06 Aug, 2024 | 08:58
Rejected At:
â–¼CVE Numbering Authority (CNA)

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://openwall.com/lists/oss-security/2014/01/20/1
mailing-list
x_refsource_MLIST
https://moodle.org/mod/forum/discuss.php?d=252416
x_refsource_CONFIRM
http://osvdb.org/102261
vdb-entry
x_refsource_OSVDB
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
vendor-advisory
x_refsource_FEDORA
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
x_refsource_CONFIRM
http://www.securitytracker.com/id/1029649
vdb-entry
x_refsource_SECTRACK
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://openwall.com/lists/oss-security/2014/01/20/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://moodle.org/mod/forum/discuss.php?d=252416
Resource:
x_refsource_CONFIRM
Hyperlink: http://osvdb.org/102261
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1029649
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
Resource:
vendor-advisory
x_refsource_FEDORA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://openwall.com/lists/oss-security/2014/01/20/1
mailing-list
x_refsource_MLIST
x_transferred
https://moodle.org/mod/forum/discuss.php?d=252416
x_refsource_CONFIRM
x_transferred
http://osvdb.org/102261
vdb-entry
x_refsource_OSVDB
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1029649
vdb-entry
x_refsource_SECTRACK
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2014/01/20/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://moodle.org/mod/forum/discuss.php?d=252416
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://osvdb.org/102261
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1029649
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:20 Jan, 2014 | 15:14
Updated At:29 Apr, 2026 | 01:13

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

Moodle Pty Ltd
moodle
>>moodle>>2.4.0
cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.4.1
cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.4.2
cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.4.3
cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.4.4
cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.4.5
cpe:2.3:a:moodle:moodle:2.4.5:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.4.6
cpe:2.3:a:moodle:moodle:2.4.6:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.4.7
cpe:2.3:a:moodle:moodle:2.4.7:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>19
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>20
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.6.0
cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.5.0
cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.5.1
cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.5.2
cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.5.3
cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>Versions up to 2.2.11(inclusive)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.0.0
cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.0.1
cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.0.2
cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.0.3
cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.0.4
cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.0.5
cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.0.6
cpe:2.3:a:moodle:moodle:2.0.6:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.0.7
cpe:2.3:a:moodle:moodle:2.0.7:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.0.8
cpe:2.3:a:moodle:moodle:2.0.8:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.0.9
cpe:2.3:a:moodle:moodle:2.0.9:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.0
cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.1
cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.2
cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.3
cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.4
cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.5
cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.6
cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.7
cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.8
cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.9
cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.1.10
cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.0
cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.1
cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.2
cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.3
cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.4
cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.5
cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.6
cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.7
cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.8
cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.9
cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.2.10
cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.3.0
cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>2.3.1
cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883secalert@redhat.com
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.htmlsecalert@redhat.com
N/A
http://openwall.com/lists/oss-security/2014/01/20/1secalert@redhat.com
N/A
http://osvdb.org/102261secalert@redhat.com
N/A
http://www.securitytracker.com/id/1029649secalert@redhat.com
N/A
https://moodle.org/mod/forum/discuss.php?d=252416secalert@redhat.com
Patch
Vendor Advisory
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883af854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://openwall.com/lists/oss-security/2014/01/20/1af854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/102261af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1029649af854a3a-2127-422b-91ae-364da2661108
N/A
https://moodle.org/mod/forum/discuss.php?d=252416af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2014/01/20/1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/102261
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1029649
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://moodle.org/mod/forum/discuss.php?d=252416
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2014/01/20/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/102261
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1029649
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://moodle.org/mod/forum/discuss.php?d=252416
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

3165Records found

CVE-2014-0213
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 58.77%
||
7 Day CHG~0.00%
Published-27 May, 2014 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-0126
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 58.77%
||
7 Day CHG~0.00%
Published-22 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-4281
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 58.77%
||
7 Day CHG~0.00%
Published-16 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-25600
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.55% / 41.74%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Google Map plugin <= 4.2.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).

Action-Not Available
Vendor-wepluginsFlippercodeFedora Project
Product-fedorawp_mapsWP Google Map Plugin (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2010-2231
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.98% / 57.99%
||
7 Day CHG~0.00%
Published-28 Jun, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-4297
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.22% / 64.98%
||
7 Day CHG~0.00%
Published-16 Dec, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-21703
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-2.28% / 81.04%
||
7 Day CHG~0.00%
Published-08 Feb, 2022 | 20:40
Updated-23 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross Site Request Forgery in Grafana

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Action-Not Available
Vendor-Fedora ProjectNetApp, Inc.Grafana Labs
Product-e-series_performance_analyzergrafanafedoragrafana
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-10186
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.09% / 61.38%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 21:40
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.

Action-Not Available
Vendor-Moodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-16854
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.33% / 81.42%
||
7 Day CHG~0.00%
Published-26 Nov, 2018 | 17:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.

Action-Not Available
Vendor-[UNKNOWN]Moodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0335
Matching Score-10
Assigner-Fedora Project
ShareView Details
Matching Score-10
Assigner-Fedora Project
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.71%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 19:11
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0196
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.74% / 49.96%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 00:50
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-phoronix-mediaphoronix-test-suiteFedora Project
Product-phoronix_test_suitefedoraphoronix-test-suite/phoronix-test-suite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-43559
Matching Score-10
Assigner-Fedora Project
ShareView Details
Matching Score-10
Assigner-Fedora Project
CVSS Score-8.8||HIGH
EPSS-0.61% / 44.71%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 16:00
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

Action-Not Available
Vendor-n/aMoodle Pty LtdFedora Project
Product-extra_packages_for_enterprise_linuxfedoramoodlemoodle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-1098
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.27% / 66.19%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 16:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.

Action-Not Available
Vendor-Red Hat, Inc.Fedora Project
Product-etcdfedoraetcd
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-0197
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-10
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.81% / 52.43%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 00:50
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Action-Not Available
Vendor-phoronix-mediaphoronix-test-suiteFedora Project
Product-phoronix_test_suitefedoraphoronix-test-suite/phoronix-test-suite
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-3734
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.13% / 62.43%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-2157
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.97% / 57.77%
||
7 Day CHG~0.00%
Published-22 May, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-0720
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.41% / 69.44%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

Action-Not Available
Vendor-clusterlabsn/aFedora ProjectRed Hat, Inc.
Product-pcsfedoraenterprise_linuxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5607
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.20% / 64.46%
||
7 Day CHG~0.00%
Published-20 Sep, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery in the REST API in IPython 2 and 3.

Action-Not Available
Vendor-ipythonn/aFedora Project
Product-ipythonfedoran/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5338
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.79% / 51.65%
||
7 Day CHG~0.00%
Published-22 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-5258
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.75% / 50.45%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Fedora Project
Product-spring_socialfedoran/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0218
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 59.00%
||
7 Day CHG~0.00%
Published-01 Jun, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-0213
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 59.00%
||
7 Day CHG~0.00%
Published-01 Jun, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-7836
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 58.77%
||
7 Day CHG~0.00%
Published-24 Nov, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-7838
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 58.77%
||
7 Day CHG~0.00%
Published-24 Nov, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-4133
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 58.77%
||
7 Day CHG~0.00%
Published-16 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2011-4298
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 58.91%
||
7 Day CHG~0.00%
Published-11 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-6103
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.66% / 46.96%
||
7 Day CHG~0.00%
Published-27 Jan, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2816
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.55% / 72.12%
||
7 Day CHG~0.00%
Published-13 Nov, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCFedora Project
Product-iphone_ossafarifedorachromeopensusen/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-1526
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.82% / 76.18%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla CorporationFedora Project
Product-firefoxubuntu_linuxseamonkeyfedoraopensusen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-1477
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.51% / 91.83%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CVE-2014-0195
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-99.98% / 99.98%
||
7 Day CHG~0.00%
Published-05 Jun, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

Action-Not Available
Vendor-n/aMariaDB FoundationopenSUSEOpenSSLFedora Project
Product-mariadbleapopensslfedoraopensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2014-0214
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.99% / 85.69%
||
7 Day CHG~0.00%
Published-27 May, 2014 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-6474
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.07% / 86.05%
||
7 Day CHG~0.00%
Published-14 Mar, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.

Action-Not Available
Vendor-n/aCanonical Ltd.The Linux FoundationDebian GNU/LinuxFedora Project
Product-debian_linuxcups-filtersubuntu_linuxfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-20740
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.05% / 60.01%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 18:16
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().

Action-Not Available
Vendor-pdfresurrect_projectn/aDebian GNU/LinuxFedora Project
Product-pdfresurrectdebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16154
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.71% / 49.12%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 17:00
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.

Action-Not Available
Vendor-app\n/aFedora Project
Product-\fedoran/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2013-0170
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-5.77% / 92.18%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Fedora Project
Product-enterprise_linux_eusubuntu_linuxlinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterprise_serverfedoralibvirtlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2020-16003
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.47% / 70.57%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromefedoradebian_linuxbackports_sleChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15964
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.94% / 85.45%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-20
Improper Input Validation
CVE-2020-16000
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.58% / 72.50%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromebackports_sledebian_linuxfedoraChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15962
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.90% / 77.13%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CVE-2020-15963
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.47% / 70.64%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CVE-2019-16943
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.86% / 90.97%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 16:06
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectOracle CorporationFasterXML, LLC.NetApp, Inc.Red Hat, Inc.
Product-enterprise_linux_serverretail_sales_auditcommunications_cloud_native_core_network_slice_selection_functiononcommand_api_servicescommunications_billing_and_revenue_managementsiebel_engineering_-_installer_\&_deploymentjd_edwards_enterpriseone_orchestratorprimavera_gatewayactive_iq_unified_managerbanking_platformoncommand_workflow_automationretail_merchandising_systemglobal_lifecycle_management_nextgen_oui_frameworksteelstore_cloud_integrated_storagedebian_linuxweblogic_serverjackson-databindcommunications_calendar_servertrace_file_analyzerfedoracommunications_evolved_communications_application_servergoldengate_application_adapterswebcenter_sitesservice_level_managerjboss_enterprise_application_platformjd_edwards_enterpriseone_toolswebcenter_portaln/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-13584
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-4.45% / 90.24%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 17:02
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.

Action-Not Available
Vendor-webkitgtkn/aFedora Project
Product-webkitgtkfedoraWebkit
CWE ID-CWE-416
Use After Free
CVE-2011-4587
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.07% / 79.07%
||
7 Day CHG~0.00%
Published-20 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CVE-2011-4517
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-6.8||MEDIUM
EPSS-10.62% / 95.24%
||
7 Day CHG~0.00%
Published-15 Dec, 2011 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

Action-Not Available
Vendor-n/aJasPerCanonical Ltd.Oracle CorporationSUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopoutside_in_technologyjasperenterprise_linux_desktoplinux_enterprise_serverfedoralinux_enterprise_software_development_kitn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-4287
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.07% / 79.07%
||
7 Day CHG~0.00%
Published-16 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CVE-2011-4302
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.28% / 66.59%
||
7 Day CHG~0.00%
Published-11 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-8377
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.32% / 67.30%
||
7 Day CHG~0.00%
Published-17 Feb, 2019 | 02:00
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aFedora ProjectBroadcom Inc.
Product-tcpreplayfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-32545
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.33% / 67.54%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxenterprise_linuxfedoraimagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-8383
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.25% / 65.72%
||
7 Day CHG~0.00%
Published-17 Feb, 2019 | 02:00
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.

Action-Not Available
Vendor-advancemamen/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-enterprise_linux_serverdebian_linuxenterprise_linux_workstationfedoraadvancecompenterprise_linux_for_power_little_endiann/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 63
  • 64
  • Next
Details not found