Search

Search Results (363288 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-32045 1 Moodle 1 Moodle 2025-06-24 5.3 Medium
A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades.
CVE-2025-32044 1 Moodle 1 Moodle 2025-06-24 7.5 High
A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability.
CVE-2025-3634 1 Moodle 1 Moodle 2025-06-24 4.3 Medium
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.
CVE-2020-3525 1 Cisco 1 Identity Services Engine 2025-06-24 4.3 Medium
A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2024-31483 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2025-06-24 4.9 Medium
An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system.
CVE-2024-31482 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2025-06-24 5.3 Medium
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point.
CVE-2024-31481 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2025-06-24 5.3 Medium
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
CVE-2024-31480 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2025-06-24 5.3 Medium
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
CVE-2024-31479 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2025-06-24 5.3 Medium
Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service.
CVE-2024-31477 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2025-06-24 7.2 High
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2024-31476 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2025-06-24 7.2 High
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2024-31475 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2025-06-24 8.2 High
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.
CVE-2024-31474 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2025-06-24 8.2 High
There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point
CVE-2024-31473 2 Arubanetworks, Hp 3 Arubaos, Instant, Instantos 2025-06-24 9.8 Critical
There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2025-3642 1 Moodle 1 Moodle 2025-06-24 8.8 High
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
CVE-2025-3641 1 Moodle 1 Moodle 2025-06-24 8.8 High
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
CVE-2025-3640 1 Moodle 1 Moodle 2025-06-24 4.3 Medium
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
CVE-2025-3637 1 Moodle 1 Moodle 2025-06-24 3.1 Low
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.
CVE-2025-3636 1 Moodle 1 Moodle 2025-06-24 4.3 Medium
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
CVE-2025-3635 1 Moodle 1 Moodle 2025-06-24 3.5 Low
A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.