CVE-2025-11211

Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-7390

creationtimestamp| type| source ---|---|--- 2025-08-21 07:31:51+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lwvgelavaf24 2025-08-21 08:13:58+00:00| seen| https://bsky.app/profile/basefortify.bsky.social/post/3lwvipq6qpk22 2025-08-21 10:13:21+00:00| seen|...

CVE-2025-7390 Bypass the client certificate trust check of an opc.https server while only secure communication is allowed

A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication...

CVE-2024-7390

creationtimestamp| type| source ---|---|--- 2024-08-21 09:01:41+00:00| seen| https://t.me/cvedetector/3728...

WordPress WP Testimonial Widget Plugin <= 3.0 is vulnerable to Broken Access Control

Software WP Testimonial Widget Type Plugin Vulnerable versions = 3.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7390 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 13afe1357272 Credits Francesco Carlucci Required...

CVE-2020-7390

Sage X3 Syracuse on-premises version 12 (components shipped with Syracuse 12.10.0 and later) is affected by CVE-2020-7390, a Stored XSS on the Edit User Profile page. An authenticated user can inject XSS strings via the First Name, Last Name, or Email Address fields. Remediation: updates are avai...

Sage X3 AdxAdmin Login Scanner

This module allows an attacker to perform a password guessing attack against the Sage X3 AdxAdmin service, which in turn can be used to authenticate to a local Windows account. This module implements the X3Crypt function to 'encrypt' any passwords to be used during the authentication process, giv...

CVE-2020-7390

creationtimestamp| type| source ---|---|--- 2021-07-09 16:05:11+00:00| seen| https://t.me/truesecator/1904...

CVE-2013-7390

Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot...

CVE-2013-7390

CVE-2013-7390 describes an unrestricted file upload in ManageEngine Desktop Central’s AgentLogUploadServlet. A remote attacker can upload a JSP file to the webroot and access it directly to execute arbitrary code, affecting Desktop Central 7.x and 8.0.0 prior to build 80293. Multiple sources corr...

CVE-2019-7390

The CVE-2019-7390 issue affects D-Link DIR-823G devices with firmware 1.02B03. A flawed access control in /bin/goahead permits remote attackers to hijack the WLAN DNS service configuration via the SetWanSettings HNAP API without authentication, potentially impacting all clients on the WLAN. Docum...

CVE-2015-7390

CVE-2015-7390 is supported by multiple connected sources detailing a SQL injection in TestLink prior to 1.9.14. The vulnerability allows remote attackers to inject arbitrary SQL via the apikey parameter to lnl.php, potentially compromising the database. Affected version range is before 1.9.14; th...

CVE-2017-7390

A Cross-Site Scripting XSS was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data mail passed to the 'SocialNetwork-andrea/app/template/pwforgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...

mat.univie.ac.at XSS vulnerability

Vulnerable URL: http://www.mat.univie.ac.at/butterley/icalendar/search.php?cpath===20160424=666%22%20onfocus=%22alert/XSSPOSED/%22%20autofocus=%22&submit.x;=0&submit.y;=0 Details: Description| Value ---|--- Patched:| Yes, at 26.01.2017 Latest check for patch:| 26.01.2017 08:29 GMT Vulnerability...

CVE-2016-7390

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x7000194 where a value passed from a user to the driver is used without...

CVE-2016-7390

CVE-2016-7390 affects NVIDIA Windows GPU Display Driver (nvlddmkm.sys) for Quadro/NVS/GeForce. The kernel-mode DxgDdiEscape handler for ID 0x7000194 uses a user-supplied value as an index into an internal array without validation, enabling denial of service or potential privilege escalation. Affe...

CVE-2016-7390

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape ID 0x7000194 where a value passed from a user to the driver is used without...

CVE-2016-7390

creationtimestamp| type| source ---|---|--- 2016-10-31 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40658...

TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390

Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...

TestLink 1.9.13 SQL Injection

Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...