Lucene search
+L

19 matches found

redhatcve
redhatcve
added 2026/04/03 11:2 p.m.6 views

CVE-2026-34736

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References1
nvd
nvd
added 2026/04/02 7:21 p.m.7 views

CVE-2026-34736

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS0.00211EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/02 6:29 p.m.3 views

CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/02 6:29 p.m.2 views

CVE-2026-34736

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References3
euvd
euvd
added 2026/04/02 6:29 p.m.3 views

EUVD-2026-18502

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References2
cve
cve
added 2026/04/02 6:29 p.m.18 views

CVE-2026-34736

Open edX Platform experiened an account-activation bypass vulnerability (CVE-2026-34736). In affected versions from maple up to just before ulmo, an unauthenticated attacker could bypass email verification by chaining two issues: the OAuth2 password grant issuing tokens to inactive users, and the...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/02 6:29 p.m.23 views

CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS0.00211EPSS
Exploits0References2
osv
osv
added 2026/04/02 6:29 p.m.2 views

CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.9AI score0.00211EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/02 12:0 a.m.11 views

Open edX Platform 授权问题漏洞

The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. The Open edX Platform, from Maple versions up to ulmo, had authorization-related vulnerabilities...

5.3CVSS5.7AI score0.00211EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.13 views

PT-2026-29871

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-15894

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00303EPSS
Exploits1References5
osv
osv
added 2023/03/20 4:15 p.m.2 views

CVE-2023-0911

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta except the userpass, such as the user email and activati...

6.5CVSS7AI score
Exploits0References1
redhat
redhat
added 2022/08/31 1:3 p.m.6 views

convert2rhel: Activation key passed via command line by code

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS5.8AI score0.00303EPSS
Exploits1References4
redhat
redhat
added 2022/08/31 1:1 p.m.3 views

convert2rhel: Activation key passed via command line by code

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS5.8AI score0.00303EPSS
Exploits1References4
osv
osv
added 2022/08/29 3:15 p.m.7 views

CVE-2022-0851

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS5.8AI score0.00303EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/08/29 3:15 p.m.8 views

CVE-2022-0851

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS5.9AI score0.00303EPSS
Exploits1References6
cve
cve
added 2022/08/29 2:3 p.m.108 views

CVE-2022-0851

CVE-2022-0851 concerns convert2rhel exposing the activation key in process command lines when passing it to subscription-manager. Public docs tie this to the Convert2RHEL utility and indicate an exposure that could enable fraud via registering systems using the victim’s activation key. Red Hat ad...

5.5CVSS5.3AI score0.00303EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2022/08/29 12:0 a.m.7 views

PT-2022-13472 · Unknown · Convert2Rhel

Name of the Vulnerable Software and Affected Versions: convert2rhel affected versions not specified Description: The issue is related to the use of the --activationkey option with convert2rhel, which passes the activation key to subscription-manager via the command line. This could allow...

5.5CVSS5.1AI score0.00303EPSS
Exploits1References5
cnnvd
cnnvd
added 2022/04/26 12:0 a.m.4 views

Convert2RHEL 信息泄露漏洞

Convert2RHEL is a tool. Automatically convert Oracle/CentOS/Scientific/Rocky/Alma Linux to Red Hat Enterprise Linux. Convert2RHEL suffers from a security vulnerability that stems from the application of the --activationkey option when used with convert2rhel, where the activation key is subsequent...

5.5CVSS5.7AI score0.00303EPSS
Exploits1References9
Rows per page
Query Builder