CVE-2026-7389

creationtimestamp| type| source ---|---|--- 2026-04-29 18:46:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mknr4o3cid2q...

CVE-2026-7389 EyouCMS common.php GetSortData sql injection

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sortasc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly an...

MINI-7389-55G4-CQ7X

Bulletin has no description...

CVE-2025-7389

A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read...

CVE-2025-7389

CVE-2025-7389 describes a vulnerability in the OpenEdge AdminServer component where authenticated users could gain OS-level access and read arbitrary host files via misused methods exposed through the RMI interface, specifically the prototypes like setFile() and openFile() . The issue hinges on t...

RockyLinux 9 : buildah (RLSA-2025:7389)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7389 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Tenable has extracted the preceding description block directly from the RockyLinux...

Oracle Linux 9 : buildah (ELSA-2025-7389)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7389 advisory. 1.39.4-1.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117178 2:1.39.4-1 - update to...

AlmaLinux 9 : buildah (ALSA-2025:7389)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:7389 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

CVE-2024-7389

creationtimestamp| type| source ---|---|--- 2024-08-02 08:09:58+00:00| seen| https://t.me/cvedetector/2327...

CVE-2024-7389

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make...

CVE-2024-7389 Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make...

CVE-2020-7389

Sage X3 CVE-2020-7389 is a Command Injection vulnerability in the CHAINE Variable Script path. An authenticated user with developer access can pass OS commands through this variable used by the web application; this developer configuration should not be deployed in production. The connected sourc...

CVE-2019-7389

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack...

CVE-2019-7389

Summary: CVE-2019-7389 affects D-Link DIR-823G devices (firmware 1.02B03) due to an incorrect access control in /bin/goahead that allows unauthenticated remote reset via the SetFactoryDefault HNAP API, enabling a denial-of-service condition. Affected component: /bin/goahead on the DIR-823G. Root ...

CVE-2013-7389

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlinkhedwigcgibof.rb 2018-05-29 15:50:33+00:00| seen|...

NVIDIA Linux GPU Display Driver contains missing permissions check and improper validation vulnerabilities - us

Lenovo Security Advisory: LEN-10962 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-7382, CVE-2016-7389 Summary Description: The NVIDIA GPU Display Driver for Linux contains two privilege escalation vulnerabilities. CVE-2016-7382...

CVE-2017-7389

CVE-2017-7389 affects Open eClass Release_3.5.4. The vulnerability is a Cross-Site Scripting (XSS) due to insufficient filtering of user-supplied data (meeting_id, user) passed to the openeclass-master/modules/tc/webconf/webconf.php URL. An attacker could cause the browser to execute arbitrary HT...

CVE-2016-7389

The CVE-2016-7389 issue affects NVIDIA GPU Display Driver for Linux on NVIDIA Quadro, NVS, GeForce, and Tesla products. It involves the kernel-mode layer (nvidia.ko) mmap() handler with improper input validation, enabling privilege escalation by gaining access to arbitrary physical memory. Affect...

Ubuntu: Security Advisory (USN-3122-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NVIDIA Linux GPU Display Driver 304.x < 304.132 / 340.x < 340.98 / 361.93.x < 361.93.03 / 367.x < 367.55 / 370.x < 370.28 Multiple Vulnerabilities

The version of the NVIDIA GPU display driver installed on the remote Linux host is 304.x prior to 304.132, 340.x prior to 340.98, 361.93.x prior to 361.93.03, 367.x prior to 367.55, or 370.x prior to 370.28. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the kernel-mo...