Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-43425 | A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions. | 8.1 | 83.34% | 2024-11-07 | 2026-06-17 |
| CVE-2021-36393 | In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | 9.8 | 52.30% | 2023-03-06 | 2026-06-16 |
| CVE-2022-35650 | The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. | 7.5 | 49.10% | 2022-07-25 | 2026-06-17 |
| CVE-2022-0332 | A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | 9.8 | 44.92% | 2022-01-25 | 2026-06-17 |
| CVE-2022-29799 | A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory. | 5.5 | 11.67% | 2022-09-21 | 2026-06-17 |
| CVE-2021-36394 | In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | 9.8 | 7.03% | 2023-03-06 | 2026-06-16 |
| CVE-2022-29800 | A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not. | 4.7 | 6.72% | 2022-09-21 | 2026-06-17 |
| CVE-2023-30943 | The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | 6.5 | 6.58% | 2023-05-02 | 2026-06-17 |
| CVE-2022-35649 | The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. | 9.8 | 6.44% | 2022-07-25 | 2026-06-17 |
| CVE-2022-30600 | A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. | 9.8 | 4.99% | 2022-05-18 | 2026-06-17 |
| CVE-2022-35653 | A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact a | 6.1 | 3.67% | 2022-07-25 | 2026-06-17 |
| CVE-2021-3657 | A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. | 9.8 | 3.46% | 2022-02-18 | 2026-06-17 |
| CVE-2017-1002157 | modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. | 9.8 | 2.80% | 2019-01-10 | 2026-06-16 |
| CVE-2022-0856 | libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service | 6.5 | 2.75% | 2022-03-10 | 2026-06-17 |
| CVE-2021-3943 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. | 9.8 | 2.38% | 2021-11-22 | 2026-06-17 |
| CVE-2026-26046 | A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server. | 7.2 | 2.20% | 2026-02-21 | 2026-06-17 |
| CVE-2022-4170 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | 9.8 | 2.06% | 2022-12-09 | 2026-06-17 |
| CVE-2023-5540 | A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | 4.7 | 1.93% | 2023-11-09 | 2026-06-17 |
| CVE-2023-5539 | A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | 4.7 | 1.86% | 2023-11-09 | 2026-06-17 |
| CVE-2021-3673 | A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. | 7.5 | 1.76% | 2021-08-02 | 2026-06-17 |