19 matches found
CVE-2026-34736
Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...
CVE-2026-34736
Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...
CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API
Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...
CVE-2026-34736
Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...
EUVD-2026-18502
Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...
CVE-2026-34736
Open edX Platform experiened an account-activation bypass vulnerability (CVE-2026-34736). In affected versions from maple up to just before ulmo, an unauthenticated attacker could bypass email verification by chaining two issues: the OAuth2 password grant issuing tokens to inactive users, and the...
CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API
Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...
CVE-2026-34736 Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API
Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...
Open edX Platform 授权问题漏洞
The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. The Open edX Platform, from Maple versions up to ulmo, had authorization-related vulnerabilities...
PT-2026-29871
Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...
EUVD-2022-15894
Malicious code in bioql PyPI...
CVE-2023-0911
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta except the userpass, such as the user email and activati...
convert2rhel: Activation key passed via command line by code
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...
convert2rhel: Activation key passed via command line by code
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...
CVE-2022-0851
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...
CVE-2022-0851
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...
CVE-2022-0851
CVE-2022-0851 concerns convert2rhel exposing the activation key in process command lines when passing it to subscription-manager. Public docs tie this to the Convert2RHEL utility and indicate an exposure that could enable fraud via registering systems using the victim’s activation key. Red Hat ad...
PT-2022-13472 · Unknown · Convert2Rhel
Name of the Vulnerable Software and Affected Versions: convert2rhel affected versions not specified Description: The issue is related to the use of the --activationkey option with convert2rhel, which passes the activation key to subscription-manager via the command line. This could allow...
Convert2RHEL 信息泄露漏洞
Convert2RHEL is a tool. Automatically convert Oracle/CentOS/Scientific/Rocky/Alma Linux to Red Hat Enterprise Linux. Convert2RHEL suffers from a security vulnerability that stems from the application of the --activationkey option when used with convert2rhel, where the activation key is subsequent...