CVE-2025-3637 - Moodle CSRF Information Disclosure
CVE ID : CVE-2025-3637
Published : April 25, 2025, 3:15 p.m.
Description : A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
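A CSRF token that appears in a query string is copied into web-server and proxy access logs, browser history and the Referer header of any off-site resource the page loads, which is the exposure CVE-2025-3637 describes. The following is an added example, not code from Moodle or from the advisory: it scans combined-format access log lines for requests that carry the token in the URL and produces a redacted finding. It assumes the token parameter is called sesskey and that the affected pages live under mod/data/ (both assumptions; check them against your install), and the log excerpt is constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: Moodle's CSRF token is the "sesskey" request parameter.
TOKEN_PARAMS = {"sesskey"}

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: two requests leak the token in the URL; the POST carries
# it in the body, where it belongs, and is not flagged.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Apr/2025:15:20:01 +0000] "GET /mod/data/edit.php?d=12&rid=34&sesskey=AbCdEf1234 HTTP/1.1" 200 5120 "https://lms.example/mod/data/view.php?d=12" "Mozilla/5.0"
203.0.113.7 - - [25/Apr/2025:15:20:09 +0000] "GET /mod/data/delete.php?d=12&delete=34&sesskey=AbCdEf1234 HTTP/1.1" 303 0 "https://lms.example/mod/data/view.php?d=12" "Mozilla/5.0"
198.51.100.2 - - [25/Apr/2025:15:21:44 +0000] "GET /mod/data/view.php?d=12 HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
198.51.100.2 - - [25/Apr/2025:15:21:50 +0000] "POST /mod/data/edit.php?d=12 HTTP/1.1" 303 0 "https://lms.example/mod/data/edit.php?d=12" "Mozilla/5.0"
"""

def leaked_params(url):
    """Names of CSRF-token parameters present in the URL's query string."""
    names = {k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)}
    return sorted(TOKEN_PARAMS & names)

def redact_tokens(url):
    """The same URL with token values replaced, safe to put in a ticket or SIEM alert."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in TOKEN_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(pairs), parts.fragment))

def find_token_leaks(lines):
    """One finding per request whose URL carries a CSRF token. Only the token's
    length is reported, never its value."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        names = leaked_params(m["url"])
        if not names:
            continue
        values = dict(parse_qsl(urlsplit(m["url"]).query, keep_blank_values=True))
        findings.append({
            "client": m["ip"],
            "time": m["ts"],
            "method": m["method"],
            "url": redact_tokens(m["url"]),
            "params": names,
            "token_len": max(len(values[n]) for n in names),
        })
    return findings

if __name__ == "__main__":
    for finding in find_token_leaks(SAMPLE_LOG.splitlines()):
        print(finding)
```

Run it over a day of access logs after patching to see whether tokens were already exposed; any session whose token shows up should be treated as exposed and logged out. The same scan run against Referer fields of third-party logs is not possible from your side, which is why the token must never be in a GET URL in the first place.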
CVE-2025-3638 - Moodle CSRF in Brickfield Tool
CVE ID : CVE-2025-3638
Published : April 25, 2025, 3:15 p.m.
Description : A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3640 - Moodle Information Disclosure Vulnerability
CVE ID : CVE-2025-3640
Published : April 25, 2025, 3:15 p.m.
Description : A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3641 - Moodle Dropbox Repository Remote Code Execution Vulnerability
CVE ID : CVE-2025-3641
Published : April 25, 2025, 3:15 p.m.
Description : A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3642 - Moodle EQUELLA Remote Code Execution Vulnerability
CVE ID : CVE-2025-3642
Published : April 25, 2025, 3:15 p.m.
Description : A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3643 - Moodle Reflected Cross-site Scripting Vulnerability
CVE ID : CVE-2025-3643
Published : April 25, 2025, 3:15 p.m.
Description : A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3644 - Moodle Course Section Deletion Privilege Escalation Vulnerability
CVE ID : CVE-2025-3644
Published : April 25, 2025, 3:15 p.m.
Description : A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3645 - Moodle Information Disclosure Vulnerability
CVE ID : CVE-2025-3645
Published : April 25, 2025, 3:15 p.m.
Description : A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3647 - Moodle Information Disclosure
CVE ID : CVE-2025-3647
Published : April 25, 2025, 3:15 p.m.
Description : A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43016 - JetBrains Rider Unvalidated Archive Unpacking Vulnerability
CVE ID : CVE-2025-43016
Published : April 25, 2025, 3:15 p.m.
Description : In JetBrains Rider before 2025.1.2, the custom archive unpacker allowed arbitrary file overwrite during a remote debug session.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43862 - Dify APP Orchestration Privilege Escalation Vulnerability
CVE ID : CVE-2025-43862
Published : April 25, 2025, 3:15 p.m.
Description : Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify app orchestration, even though the web UI for app orchestration is not presented to a normal user. This access control flaw allows non-admin users to gain unauthorized access to, and make changes to, apps. This issue has been patched in version 0.6.12. A workaround involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access control (RBAC) so that only users with admin privileges can access app orchestration.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46432 - JetBrains TeamCity Base64 Credentials Exposure
CVE ID : CVE-2025-46432
Published : April 25, 2025, 3:15 p.m.
Description : In JetBrains TeamCity before 2025.03.1, base64-encoded credentials could be exposed in build logs.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
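Base64 is encoding, not protection: a Basic-auth header or a token echoed by a build step is one decode away from plaintext, and build logs are typically readable by every project member and shipped to log archives. The following is an added example, not TeamCity code or the advisory's: it scans build-log text for base64 blobs that decode to a user:password pair and returns findings with the secret redacted, so the same check can run as a log-cleanup step or a retroactive sweep. The log excerpt is constructed.

```python
import base64
import binascii
import re

# Constructed build-log excerpt. Lines 2 and 3 carry base64 of "user:password";
# the digest on line 4 is a base64-looking false positive the decoder must reject.
SAMPLE_BUILD_LOG = """\
[12:00:01] Step 1/3: fetch dependencies
[12:00:01] curl -H "Authorization: Basic ZGVwbG95OnMzY3IzdC1wYXNz" https://repo.example/artifact.jar
[12:00:02] NPM_TOKEN=YWRtaW46aHVudGVyMg== npm publish
[12:00:03] digest sha256:3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b
[12:00:04] Build finished in 3.2s
"""

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# user:password, both printable, no whitespace, user part free of ':'
CREDENTIAL = re.compile(r"^[^\s:]{1,64}:[^\s]{1,256}$")

def decode_credential(token):
    """(user, secret) if token is base64 of a user:password string, else None."""
    padded = token + "=" * (-len(token) % 4)      # tolerate stripped padding
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    if not text.isprintable() or not CREDENTIAL.match(text):
        return None
    user, secret = text.split(":", 1)
    return user, secret

def scan_build_log(text):
    """Findings for every line that leaks a base64-encoded credential. The secret
    itself never leaves this function: only the user name, the secret's length
    and a redacted copy of the line are returned."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in B64_TOKEN.finditer(line):
            cred = decode_credential(m.group(0))
            if cred is None:
                continue
            findings.append({
                "line": n,
                "user": cred[0],
                "secret_len": len(cred[1]),
                "redacted": line.replace(m.group(0), "[REDACTED-B64]"),
            })
    return findings

if __name__ == "__main__":
    for finding in scan_build_log(SAMPLE_BUILD_LOG):
        print(finding)
```

Any credential this finds has to be rotated, not merely scrubbed: the log has already been read, copied or indexed by the time a scan runs. The decoder deliberately requires the plaintext to look like user:password; a general secret scanner would add entropy and known-prefix rules for API tokens as well.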
CVE-2025-46433 - JetBrains TeamCity Path Traversal Vulnerability
CVE ID : CVE-2025-46433
Published : April 25, 2025, 3:15 p.m.
Description : In JetBrains TeamCity before 2025.03.1, improper path validation in the loggingPreset parameter was possible.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
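CVE-2025-43016 (an archive unpacker writing outside its target directory) and CVE-2025-46433 (a request parameter used to build a file path) are the same defect at two layers: a path built from untrusted input is not checked to stay inside its intended root. The following is an added example, not code from either JetBrains product, showing one containment check that serves both: a zip extractor that refuses entries escaping the destination, and a lookup that maps a preset-name parameter to a file. The archive contents are constructed; the presets directory layout (presets_dir/<name>.xml) is assumed for illustration and is not the advisory's.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

def resolve_inside(base, untrusted):
    """Resolve an untrusted relative path (archive entry name, request parameter)
    under base. Returns the absolute Path, or None if it escapes base. resolve()
    follows symlinks already present under base, so a link pointing outside is
    rejected as well."""
    base = Path(base).resolve()
    if not untrusted or "\x00" in untrusted:
        return None
    untrusted = untrusted.replace("\\", "/")     # normalise Windows separators
    if untrusted.startswith("/") or re.match(r"^[A-Za-z]:", untrusted):
        return None                              # absolute paths are never acceptable
    target = (base / untrusted).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        return None                              # "../" climbed out of base
    return target

def safe_extract(zip_bytes, dest):
    """Extract an in-memory zip under dest; entries that would land outside dest
    are reported instead of written. Returns (written, rejected) entry names."""
    dest = Path(dest).resolve()
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_inside(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(dest).as_posix())
    return written, rejected

# Assumed layout for the parameter case: presets_dir/<name>.xml
PRESET_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

def logging_preset_path(presets_dir, preset_name):
    """Two layers: an allowlist on the name (no separators, no dots at all),
    then containment of the resolved path."""
    if not PRESET_NAME.match(preset_name):
        return None
    return resolve_inside(presets_dir, preset_name + ".xml")

def build_sample_zip():
    """Constructed archive: one benign entry and two that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/config.json", '{"debug": false}')
        zf.writestr("../../.ssh/authorized_keys", "ssh-ed25519 AAAA... attacker")
        zf.writestr("/etc/cron.d/evil", "* * * * * root /tmp/x\n")
    return buf.getvalue()

def run_demo():
    """Extract the sample into a scratch directory and return what happened."""
    with tempfile.TemporaryDirectory() as scratch:
        return safe_extract(build_sample_zip(), scratch)

if __name__ == "__main__":
    print(run_demo())
```

The check is done on the resolved path rather than by string-matching "..", because "a/../../b", percent-encoded dots and symlinks all defeat substring filters while leaving the resolved location unambiguous.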
CVE-2025-46618 - JetBrains TeamCity Stored XSS Vulnerability
CVE ID : CVE-2025-46618
Published : April 25, 2025, 3:15 p.m.
Description : In JetBrains TeamCity before 2025.03.1, stored XSS was possible on the Data Directory tab.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-32601 - Rejected CVE (Not used)
CVE ID : CVE-2021-32601
Published : April 25, 2025, 4:15 p.m.
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-56156 - Halo File Type Validation Bypass Vulnerability
CVE ID : CVE-2024-56156
Published : April 25, 2025, 4:15 p.m.
Description : Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
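File-type checks that trust the client-supplied name or Content-Type are the ones that get bypassed; the decision has to be made from the bytes, and the bytes must also not contain markup a browser could be talked into rendering. The following is an added example, not Halo's code or its fix: an upload validator that requires an allowlisted extension, a matching magic-number signature, and no HTML markup in the leading bytes (the image/HTML polyglot case), plus a server-chosen storage name so the client's filename never reaches the filesystem. The sample files are constructed.

```python
import re
import secrets

# Extension -> content type that the bytes must actually be.
ALLOWED = {"png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif"}

MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x7fELF", "elf"),
    (b"MZ", "pe"),
]
HTML_MARKUP = re.compile(
    rb"<\s*(!doctype|html|head|body|script|svg|iframe|object|embed|img|a\s)", re.I)

def sniff(data):
    """Content type from leading bytes; the filename is ignored entirely."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    if HTML_MARKUP.search(data[:1024]):
        return "html"
    return "unknown"

def validate_upload(filename, data):
    """Accept only image uploads whose bytes agree with the extension and that
    carry no HTML markup in the region browsers use for content sniffing."""
    if not filename or "\x00" in filename or "/" in filename or "\\" in filename:
        return False, "bad filename"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED:
        return False, "extension not allowed: %r" % ext
    kind = sniff(data)
    if kind != ALLOWED[ext]:
        return False, "content is %s, extension says %s" % (kind, ALLOWED[ext])
    if HTML_MARKUP.search(data[:1024]):
        return False, "html markup inside image data"
    return True, "ok"

def storage_name(filename):
    """Server-chosen name: random, with only the validated extension kept."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return "%s.%s" % (secrets.token_hex(16), ext)

# Constructed samples.
PNG_MIN = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16                       # header only
HTML_AS_PNG = b"<html><body><script>alert(document.cookie)</script></body></html>"
GIF_POLYGLOT = b"GIF89a" + b"<script>alert(1)</script>"              # valid GIF start, XSS inside
ELF_STUB = b"\x7fELF\x02\x01\x01" + b"\x00" * 9

if __name__ == "__main__":
    for name, blob in [("avatar.png", PNG_MIN), ("avatar.png", HTML_AS_PNG),
                       ("pic.gif", GIF_POLYGLOT), ("tool.exe", ELF_STUB)]:
        print(name, validate_upload(name, blob))
```

Validation alone does not make uploads safe to serve: store them outside any path the web server executes scripts from, send X-Content-Type-Options: nosniff and a Content-Disposition that forces download for anything that is not a known-good image, and serve user content from a separate origin so a file that does slip through cannot read the main site's cookies.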
CVE-2025-2068 - FileZ Open Redirect Information Disclosure
CVE ID : CVE-2025-2068
Published : April 25, 2025, 4:15 p.m.
Description : An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted URL is visited by a local user.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2069 - FileZ Cross-Site Scripting (XSS)
CVE ID : CVE-2025-2069
Published : April 25, 2025, 4:15 p.m.
Description : A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted URL is visited by a local user.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2070 - FileZ XML Parsing Arbitrary File Read
CVE ID : CVE-2025-2070
Published : April 25, 2025, 4:15 p.m.
Description : An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted URL is visited by a local user.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3928 - Commvault Web Server Remote Webshell Execution
CVE ID : CVE-2025-3928
Published : April 25, 2025, 4:15 p.m.
Description : Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25775 - Codeastro Bus Ticket Booking System SQL Injection Vulnerability
CVE ID : CVE-2025-25775
Published : April 25, 2025, 5:15 p.m.
Description : Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
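An unauthenticated SQL injection in a lookup parameter scores 9.8 because the parameter does not just filter one table: once the input is spliced into the query text it can rewrite the WHERE clause or UNION in rows from any other table the database user can read. The following is an added example, not the Bus Ticket Booking System's code: an in-memory SQLite stand-in with a constructed schema (the real one is not published with the advisory), the vulnerable string-concatenated lookup beside the parameterised fix, and the two payload shapes a tester would try first. Table and column names are assumed; only the parameter name kodetiket comes from the advisory.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the booking database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tiket (kodetiket TEXT, penumpang TEXT, kursi INTEGER);
        INSERT INTO tiket VALUES ('TK-1001', 'Ana', 4), ('TK-1002', 'Budi', 7), ('TK-1003', 'Citra', 12);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', '$2y$10$constructedhash'), ('kasir', '$2y$10$anotherhash');
    """)
    return conn

def cek_order_vulnerable(conn, kodetiket):
    """The pattern behind the advisory: the parameter is pasted into the SQL text,
    so quotes in the input end the literal and the rest is parsed as SQL."""
    sql = "SELECT kodetiket, penumpang, kursi FROM tiket WHERE kodetiket = '%s'" % kodetiket
    return conn.execute(sql).fetchall()

def cek_order_safe(conn, kodetiket):
    """The fix: a bound parameter. The input is only ever compared as a value,
    whatever characters it contains."""
    sql = "SELECT kodetiket, penumpang, kursi FROM tiket WHERE kodetiket = ?"
    return conn.execute(sql, (kodetiket,)).fetchall()

# Payload 1: collapse the filter, dump the whole table.
BYPASS = "x' OR '1'='1"
# Payload 2: same column count as the original SELECT, pull rows from another table;
# the trailing comment swallows the closing quote the application appends.
UNION = "x' UNION SELECT username, password_hash, 0 FROM users --"

if __name__ == "__main__":
    conn = make_db()
    print("normal   :", cek_order_safe(conn, "TK-1002"))
    print("bypass   :", cek_order_vulnerable(conn, BYPASS))
    print("union    :", cek_order_vulnerable(conn, UNION))
    print("safe+uni :", cek_order_safe(conn, UNION))
```

The parameterised version returns nothing for both payloads because the database looks for a ticket literally named "x' OR '1'='1". Escaping the input instead of binding it is the common half-fix; it fails as soon as the parameter is used in a numeric context, an ORDER BY or a LIMIT, where there are no quotes to escape.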