ECHO-0F32-6C9D-7894

Bulletin has no description...

MAL-2025-7894 Malicious code in @erboladaiteas/nemo-deserunt-ipsum (npm)

The package @erboladaiteas/nemo-deserunt-ipsum was found to contain malicious code...

CVE-2025-7894

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generatesimplesql of the file backend/onyx/agents/agentsearch/kbsearch/nodes/a3generatesimplesql.py of the component Chat Interface. The manipulation leads to sql injection. The...

CVE-2025-7894 Onyx Chat Interface a3_generate_simple_sql.py generate_simple_sql sql injection

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generatesimplesql of the file backend/onyx/agents/agentsearch/kbsearch/nodes/a3generatesimplesql.py of the component Chat Interface. The manipulation leads to sql injection. The...

CVE-2025-7894 Onyx Chat Interface a3_generate_simple_sql.py generate_simple_sql sql injection

A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generatesimplesql of the file backend/onyx/agents/agentsearch/kbsearch/nodes/a3generatesimplesql.py of the component Chat Interface. The manipulation leads to sql injection. The...

CVE-2025-7894

Onyx is affected up to version 0.29.1, with the SQL injection vulnerability arising via the generate_simple_sql function in backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py (Chat Interface). The issue allows remote exploitation and has been publicly disclosed. Connected ...

CVE-2024-7894

The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license...

CVE-2024-7894 If Menu <= 0.19.1 - Missing Authorization to License Key Update

The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license...

CVE-2018-7894

Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advancedfilter parameter aka the Search Parameter...

CVE-2018-7894

Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advancedfilter parameter aka the Search Parameter...

CVE-2018-7894

CVE-2018-7894 affects Eramba e1.0.6.033, with a Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter. The issue is documented across multiple sources (NVD entry for CVE-2018-7894 and related Red Hat/CNVD records) and is described as: an XSS vulnerability cau...

CVE-2018-7894

Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advancedfilter parameter aka the Search Parameter...

CVE-2015-7894

The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service segmentation fault and process crash and execute arbitrary code via a crafted JPG...

CVE-2015-7894

CVE-2015-7894 affects Samsung LibQjpeg’s DCMProvider on a Samsung SM-G925V with build LRX22G.G925VVRU1AOE2. The vulnerability enables remote attackers to trigger a denial of service (segmentation fault/process crash) and execute arbitrary code by crafting a JPEG file, as described in multiple sou...

CVE-2017-7894

WinDjView 2.1 is affected by CVE-2017-7894. The vulnerability arises from a User Mode Write AV near NULL in WinDjView.exe, enabling code execution when a user opens a crafted .djvu file. Affected scenario involves a victim obtaining an untrusted .djvu from a remote source and issuing several user...

CVE-2016-7894

CVE-2016-7894 is rejected and not associated with an active vulnerability entry.

CVE-2015-7894

creationtimestamp| type| source ---|---|--- 2015-11-03 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38614...