CVE-2026-2518 FastX <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation

The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the 'ultpinstallcallback' and 'ultpactivatecallback' functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers...

CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

CVE-2026-1831 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation

The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymailinstallyaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...

CVE-2025-60791

Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump an...

CVE-2025-60791

CVE-2025-60791 affects Easywork Enterprise 2.1.3.354. The vulnerability is Cleartext Storage of Sensitive Information in Memory, where device-bound license keys remain in process memory after a failed activation. An attacker with local access can attach a debugger or dump memory to retrieve keys ...

PT-2024-18776 · Unknown · Setupwizard

Name of the Vulnerable Software and Affected Versions: Setupwizard versions prior to SMR May-2024 Release 1 Description: The issue allows physical attackers to bypass authentication and skip the activation step. Recommendations: For versions prior to SMR May-2024 Release 1, update to the SMR...

Naviwebs Navigate CMS Authorization Issue Vulnerability (CNVD-2020-35977)

Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A security vulnerability exists in Naviwebs Navigate CMS version 2.9 r1433, which originated when the program resets passwords, allowing users to continue setting passwords even if an...

CVE-2018-7940

Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129SP2C00 and earlier versions than 8.0.0.129SP2C01 have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations...

CVE-2017-2705

Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a phone activation bypass vulnerability. Successful...

Bypass iCloud/Activation Lock using XenMobile

An end user may return an iOS device to the I.T. department and does not supply their iCloud account information. After a restore, the I.T. department cannot enroll the device as the device cannot be unlocked without iCloud credentials. XenMobile can issue a 'Activation Bypass Code' as per Apple...

Huawei P9 Mobile Activation Bypass Vulnerability

The Huawei P9 is a smartphone product from the Chinese company Huawei Huawei. The Huawei P9 suffers from a phone activation bypass vulnerability. An unauthenticated attacker can bypass the phone activation step and go directly to the system settings page...

Security Advisory - Phone Activation Bypass Vulnerability in Huawei Smartphones

There is a phone activation bypass vulnerability in Huawei smartphones. Successful exploit could allow an unauthenticated attacker to bypass phone activation to settings page of the phone. Vulnerability ID: HWPSIRT-2016-12004 This vulnerability has been assigned CVE ID: CVE-2017-2705. Huawei has...

CVE-2015-1064

CVE-2015-1064 affects Apple iOS prior to 8.2. The vulnerability resides in Springboard: during activation, an application crash could allow a physically proximate attacker to bypass activation and view the home screen. The reported impact is limited to bypassing the intended activation flow and r...

Apple iCloud and Activation Lock Hacked; Allows Hackers to Unlock Stolen Devices

A Dutch-Moroccan team of hackers calling itself "Team DoulCi" have reportedly claimed to hack a protective feature on Apple’s iCloud system, that could leverage an attacker to remove security measures on lost or stolen iPhone devices. According to a report from Dutch news organization De Telegraa...

CVE-2009-4851

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php...

Design/Logic Flaw

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors...