CVE News Feed
Updates on the latest vulnerabilities detected.
-
CVE-2025-46618 - JetBrains TeamCity Stored XSS Vulnerability
CVE ID :CVE-2025-46618
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-46433 - JetBrains TeamCity Path Traversal Vulnerability
CVE ID :CVE-2025-46433
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-46432 - JetBrains TeamCity Base64 Credentials Exposure
CVE ID :CVE-2025-46432
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43862 - Dify APP Orchestration Privilege Escalation Vulnerability
CVE ID :CVE-2025-43862
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPSs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-43016 - JetBrains Rider Unvalidated Archive Unpacking Vulnerability
CVE ID :CVE-2025-43016
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3647 - Moodle Information Disclosure
CVE ID :CVE-2025-3647
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3645 - Moodle Information Disclosure Vulnerability
CVE ID :CVE-2025-3645
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3644 - Moodle Course Section Deletion Privilege Escalation Vulnerability
CVE ID :CVE-2025-3644
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3643 - Moodle Reflected Cross-site Scripting Vulnerability
CVE ID :CVE-2025-3643
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3642 - Moodle EQUELLA Remote Code Execution Vulnerability
CVE ID :CVE-2025-3642
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3641 - Moodle Dropbox Repository Remote Code Execution Vulnerability
CVE ID :CVE-2025-3641
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3640 - Moodle Information Disclosure Vulnerability
CVE ID :CVE-2025-3640
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3638 - Moodle CSRF in Brickfield Tool
CVE ID :CVE-2025-3638
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3637 - Moodle CSRF Information Disclosure
CVE ID :CVE-2025-3637
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3636 - Moodle RSS Feed Access Vulnerability
CVE ID :CVE-2025-3636
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3635 - Moodle CSRF Tour Duplicating Vulnerability
CVE ID :CVE-2025-3635
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3628 - Moodle Anonymous Assignment De-Anonymization Vulnerability
CVE ID :CVE-2025-3628
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3627 - Moodle Information Disclosure Vulnerability
CVE ID :CVE-2025-3627
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-3625 - Moodle Authentication Bypass
CVE ID :CVE-2025-3625
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-32432 - Craft CMS Remote Code Execution Vulnerability
CVE ID :CVE-2025-32432
Published : April 25, 2025, 3:15 p.m. | 59 minutes ago
Description :Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...