Security Vulnerabilities
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-02-03
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.
CVSS Score
8.1
EPSS Score
0.001
Published
2026-02-03
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced.
This issue affects pdfonline.foxit.com: before 2026‑02‑03.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-02-03
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed.
This issue affects pdfonline.foxit.com: before 2026‑02‑03.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-02-03
Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.
CVSS Score
9.3
EPSS Score
0.0
Published
2026-02-03
OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
CVSS Score
8.6
EPSS Score
0.0
Published
2026-02-03
For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-02-03
A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands.
CVSS Score
8.5
EPSS Score
0.0
Published
2026-02-03
A
vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an
authenticated attacker with admin privileges using the shell commands
“source, ping6, sleep, disown, wait to modify the path variables and
move upwards in the directory structure or to traverse to different
directories.
CVSS Score
4.6
EPSS Score
0.0
Published
2026-02-03
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.
CVSS Score
4.6
EPSS Score
0.0
Published
2026-02-03