MINI-3989-6MR9-QWMV

Bulletin has no description...

CVE-2026-3989

creationtimestamp| type| source ---|---|--- 2026-03-12 11:15:59+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3989 2026-03-12 15:32:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgupur6xn32u 2026-03-13 03:00:06+00:00| seen|...

EUVD-2026-3989

Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through = 1.3.9...

GO-2025-3989 go-f3 Vulnerable to Cached Justification Verification Bypass in github.com/filecoin-project/go-f3

go-f3 Vulnerable to Cached Justification Verification Bypass in github.com/filecoin-project/go-f3...

RHSA-2024:3989

creationtimestamp| type| source ---|---|--- 2025-07-08 05:16:58+00:00| seen| Telegram/4wEYLxVUxQuNbJ-OS9FpooVY154mAqLMyyVIa9MwJNiDTA...

MINI-74WJ-3989-92JR

Bulletin has no description...

CVE-2023-3989

A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addcustomer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifi...

CVE-2020-3989

VMware Workstation 15.x and Horizon Client for Windows 5.x before 5.4.4 contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial...

CVE-2019-3989

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data...

CVE-2025-3989

A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit...

CVE-2025-3989

The CVE-2025-3989 entry applies to TOTOLINK N150RT (version 3.4.0-B20190525). The vulnerability affects the /boafrm/formStaticDHCP path, where the Hostname parameter can be manipulated to cause a buffer overflow. This is a remotely exploitable vulnerability with public exploit availability. The t...

CVE-2022-3989

creationtimestamp| type| source ---|---|--- 2025-04-22 15:03:51+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12870...

CVE-2024-3989

creationtimestamp| type| source ---|---|--- 2025-01-28 04:09:27+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/3225...

Meinberg NTP Permissions, Privileges, and Access Controls (CVE-2016-3989)

The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS- LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root...

CVE-2024-3989 HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-3989

The CVE CVE-2024-3989 affects the HT Mega – Absolute Addons For Elementor WordPress plugin. The issue is a Stored Cross-Site Scripting vulnerability in the Gallery Justify widget, arising from insufficient input sanitization and output escaping for user-supplied attributes. It is exploitable by a...

CVE-2023-3989

CVE-2023-3989 affects SourceCodester Jewelry Store System 1.0, specifically the add_customer.php functionality. Multiple sources describe a cross-site scripting (XSS) flaw in an unknown function of that file, with remote exploitation possible. Documented impact indicates only user interaction is ...

CVE-2023-3989 SourceCodester Jewelry Store System add_customer.php cross site scripting

A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addcustomer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifi...

XWiki 2.0-rc-2 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.1 Privilege Escalation Vulnerability (GHSA-3989-4c6x-725f)

Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...

CVE-2022-3989

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the...