91 matches found
CVE-2026-6389

creationtimestamp| type| source
---|---|---
2026-04-30 22:18:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mkqnffksec2n
2026-04-30 22:54:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkqpgzflso2k
2026-05-01 10:42:06+00:00| seen|...

Security Bulletin: IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability (CVE-2026-6389)
Summary IBM Turbonomic Prometurbo is an agent used by IBM Turbonomic Application Resource Management to integrate with Prometheus to collect application metrics and send them to Turbonomic for analysis and generation of optimization plans. A security vulnerability has been addressed in the IBM...
Attackers Actively Exploiting Critical Vulnerability in Sneeit Framework Plugin
On June 10th, 2025, we received a submission for a Remote Code Execution vulnerability in Sneeit Framework, a WordPress plugin with an estimated 1,700 active installations. The plugin is bundled in multiple premium themes. This vulnerability can be leveraged to execute code remotely. The vendor...
CVE-2025-6389

creationtimestamp| type| source
---|---|---
2025-11-25 02:38:45+00:00| seen| https://bsky.app/profile/crowdcyber.bsky.social/post/3m6gcqv3lnn2o
2025-11-25 03:03:15+00:00| seen| https://infosec.exchange/users/offseq/statuses/115608111943275596
2025-11-25 03:03:16+00:00| seen|...

ECHO-40DD-6389-8B4E
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2024-6389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a...
Linux Distros Unpatched Vulnerability : CVE-2018-6389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service resource consumption by using the large list of registered .js files from...
CVE-2024-6389

creationtimestamp| type| source
---|---|---
2024-09-12 19:48:03+00:00| seen| https://t.me/cvedetector/5499
2025-09-17 06:19:56+00:00| seen| https://bsky.app/profile/undercode.bsky.social/post/3lyz6wtkuuf2f...

CVE-2024-6389
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...
CVE-2024-6389 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...
CVE-2024-6389 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...
WordPress WordPress Toolbar Plugin <= 2.2.6 is vulnerable to Open Redirection
Software: WordPress Toolbar; Type: Plugin; Vulnerable versions: <= 2.2.6; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Open Redirection; CVE: CVE-2023-6389; Patch priority: Low; CVSS severity: Low 4.7; Developer: Claim ownership; PSID: ae5087bc3d96; Credits: Daniel Ruf; Required privilege: Unauthenticated...
CVE-2023-6389

creationtimestamp| type| source
---|---|---
2024-01-29 16:26:21+00:00| seen| https://t.me/ctinow/175367
2024-02-03 08:16:21+00:00| seen| https://t.me/ctinow/178423
2024-02-21 16:11:29+00:00| seen| https://t.me/ctinow/189710...

CVE-2023-6389
CVE-2023-6389 affects WordPress Toolbar plugin up to version 2.2.6, enabling open redirects via the wptbto parameter that can be exploited by unauthenticated attackers to redirect users to arbitrary URLs. The connected Nuclei template notes a fix in version 2.2.7 or later, so upgrading the plugin...
CVE-2023-6389 WordPress Toolbar <= 2.2.6 - Open Redirect
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...
CVE-2023-6389 WordPress Toolbar <= 2.2.6 - Open Redirect
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...
Publitas: CVE-2018-6389 exploitation - using scripts loader
An unauthenticated denial of service vulnerability in WordPress was discovered, tracked as CVE-2018-6389. By requesting a large number of JavaScript files through the load-scripts.php endpoint, an attacker could consume excessive resources on the server. This vulnerability could allow denial of...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Indent vulnerability (USN-6389-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6389-1 advisory. It was discovered that Indent incorrectly handled parsing certain source files. If a user or automated system were tricked into processing a...
Fastly VDP: CVE-2018-6389 exploitation - using scripts loader
Vulnerability description not provided...
U.S. Dept Of Defense: DoS at █████(CVE-2018-6389)
A vulnerability in WordPress allowed unauthenticated attackers to launch a denial of service attack by listing a large number of registered .js files from wp-includes/script-loader.php. The vulnerability was assigned CVE-2018-6389. Attackers could use this function to deplete server resources and...