CVE-2025-3638 – Moodle CSRF in Brickfield Tool

April 25, 2025

CVE ID : CVE-2025-3638

Published : April 25, 2025, 3:15 p.m. | 4 hours, 29 minutes ago

Description : A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3637 – Moodle CSRF Information Disclosure

Next Article CVE-2025-32432 (CVSS 10): Craft CMS Hit by Critical RCE Flaw Exploited in the Wild

Highlights

CVE-2025-1863 – Yokogawa Electric Corporation Paperless Recorders Authentication Bypass

April 22, 2025

CVE ID : CVE-2025-1863

Published : April 18, 2025, 6:15 a.m. | 4 days, 7 hours ago

Description : Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Databricks adds new tools like Lakebase, Lakeflow Designer, and Agent Bricks to better support building AI apps and agents in the enterprise

Zencoder launches end-to-end UI testing agent

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

Apple Intelligence delay: A clash of two architectures and trivial AI features fell short of standards and expectations

Ambrosia Sky is a gorgeous science-fiction game that’s all about death, and I can’t wait to play more

3 secrets of PowerToys on Windows 11 that you’ll wish you already knew

[EcjoJS Meta] Content discussion

[EcjoJS Meta] Content discussion

Accessibility, Inclusive Design, and Universal Design Work Together

An “Inconceivable” Conversation With Dr. Pete Cornwell on Simple vs. Agentic AI

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

OpenAI CEO Sam Altman claims “ChatGPT is already more powerful than any human who has ever lived”

Apple Intelligence delay: A clash of two architectures and trivial AI features fell short of standards and expectations

Ambrosia Sky is a gorgeous science-fiction game that’s all about death, and I can’t wait to play more

CVE-2025-3638 – Moodle CSRF in Brickfield Tool

Urgent: CVE-2025–47273 Exposes Python SetupTools — Here’s How to Stay Secure

Google Pixel 10 to Embrace Qi2 Wireless Charging with New “Pixelsnap” Accessories

CVE-2025-4384 – PcVue MQTT Certificate Validation Bypass

Take It Down Act Expected to Become Law Despite Concerns

Going beyond AI assistants: Examples from Amazon.com reinventing industries with generative AI

Are you playing DOOM: The Dark Ages when it launches? — Weekend discussion 💬

CVE-2025-1863 – Yokogawa Electric Corporation Paperless Recorders Authentication Bypass

Microsoft April 2025 Patch Tuesday: Fixes for 134 security vulnerabilities, one exploited Zero-Day

Cubify Anything: Scaling Indoor 3D Object Detection

CVE-2025-5426 – Juzaweb CMS Menu Page Remote Access Control Vulnerability

CVE-2025-3638 – Moodle CSRF in Brickfield Tool

Related Posts