CVE-2025-3637 – Moodle CSRF Information Disclosure

April 25, 2025

CVE ID : CVE-2025-3637

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site’s URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3635 – Moodle CSRF Tour Duplicating Vulnerability

Next Article CVE-2025-3638 – Moodle CSRF in Brickfield Tool

Highlights

CVE-2025-3749 – Breeze Display for WordPress Stored Cross-Site Scripting Vulnerability

April 24, 2025

CVE ID : CVE-2025-3749

Published : April 24, 2025, 11:15 p.m. | 3 hours, 45 minutes ago

Description : The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cal_size’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Databricks adds new tools like Lakebase, Lakeflow Designer, and Agent Bricks to better support building AI apps and agents in the enterprise

Zencoder launches end-to-end UI testing agent

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

OpenAI shifts to Google for cloud computing support as Microsoft partnership falters, despite Sam Altman’s “compute-sufficient” claim

Clair Obscur: Expedition 33 now lets you rematch the game’s most brutal boss

The Alters PC review: I’m rethinking my own life paths after falling in love with a sci-fi game

SVAR Svelte Filter: Visual Query Builder for Data-Driven Apps

SVAR Svelte Filter: Visual Query Builder for Data-Driven Apps

Developing a Serverless Blogging Platform with AWS Lambda and Python

YAML files in DBT

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

OpenAI shifts to Google for cloud computing support as Microsoft partnership falters, despite Sam Altman’s “compute-sufficient” claim

Clair Obscur: Expedition 33 now lets you rematch the game’s most brutal boss

CVE-2025-3637 – Moodle CSRF Information Disclosure

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data

CVE-2024-30147 – “Oracle HCL Leap Client-Side Script Injection Vulnerability”

Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways

CVE-2025-27029 – Cisco Router Denial of Service

This $400 Motorola phone comes with built-in stylus and a fantastic OLED display

CVE-2025-3749 – Breeze Display for WordPress Stored Cross-Site Scripting Vulnerability

CVE-2025-32885 – “GoTenna v1 App Message Injection Vulnerability”

CVE-2025-47897 – Apache HTTP Server Remote Code Execution

Critical UAF Vulnerability Discovered in Ladybird Browser Engine (CVE-2025-47154)

CVE-2025-3637 – Moodle CSRF Information Disclosure

Related Posts