28 matches found
PT-2026-6098
Name of the Vulnerable Software and Affected Versions: Movable Type versions 7.x and 8.4.x. Description: Movable Type has a stored cross-site scripting issue in the Edit Comment functionality. An attacker could execute arbitrary script in a logged-in user’s web browser by storing crafted input. The...
PT-2026-6193
Name of the Vulnerable Software and Affected Versions: Movable Type versions 7.x and 8.4.x. Description: A flaw exists where specially crafted input data can lead to the creation of a malicious CSV file. Downloading and opening this file can result in code execution within the user's system. The iss...
CVE-2026-21968
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...
EUVD-2022-2018
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-30684
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and...
Linux Distros Unpatched Vulnerability : CVE-2025-50081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and...
Oracle MySQL Server 8.4.x < 8.4.6 (July 2025 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42,...
Oracle MySQL Security Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components. A security vulnerability exists in Oracle MySQL Server of Oracle MySQL, which stems from a flaw in the PS component that could lead to a complete...
Red Hat Enterprise Linux SEoL (8.4.x, 8.5.x)
According to its version, Red Hat Enterprise Linux is 8.4.x or 8.5.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Atlassian Confluence 8.4.x < 8.4.3 Privilege Escalation
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 8.x prior to 8.3.3, 8.4.x prior to 8.4.3 or 8.5.x prior to 8.5.2. It is, therefore, affected by a privilege escalation vulnerability. Note that the scanner has not tested for these...
GHSA-585J-5449-MF5M Drupal cross-site scripting vulnerability
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 have a Drupal.checkPlain JavaScript function, which is used to escape potentially dangerous text before outputting it to HTML, as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...
GHSA-7FFH-CJVG-FPR4 Drupal Settings Tray access bypass
In Drupal 8.4.x versions before 8.4.5, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. Th...
Drupal Settings Tray access bypass
In Drupal 8.4.x versions before 8.4.5, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. Th...
CVE-2019-5317
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba...
CVE-2020-23957
Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI...
Cross site scripting
Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI...
CVE-2020-23957
CVE-2020-23957 affects Pegasystem Pega Platform up to version 8.4.x. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via the ConnectionID parameter, demonstrated by a request such as pyActivity=Data-TRACERSettings.pzStartTracerSession to a PRAuth URI. The provided connected doc...
Drupal 8.4.x < 8.4.6 Remote Code Execution Vulnerability
According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Drupal 8.4.x < 8.4.8 Remote Code Execution Vulnerability
According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Node.js Denial-of-Service Vulnerability - 02 - Mac OS X
Node.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nodejs:node.js";...