51 matches found
RockyLinux 10 : mysql8.4 (RLSA-2026:20693)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20693 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001...
Sangoma Technologies Switchvox security vulnerability
Sangoma Technologies Switchvox is a telephone system developed by Sangoma Technologies in Canada, suitable for businesses of any size. Versions of Sangoma Technologies Switchvox prior to 8.4 have a security vulnerability. This vulnerability stemmed from the storage of plaintext SIP...
CVE-2026-35236
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2026-34303
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...
CVE-2025-46607
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access...
CVE-2026-38533
An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...
Vtiger CRM security vulnerability
Vtiger CRM is a customer relationship management system developed by Vtiger Corporation in the United States, based on SugarCRM. This system provides functions for managing, collecting, and analyzing customer information. Vtiger CRM version 8.4.0 has a security vulnerability that stems from...
EUVD-2025-209386
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server...
CVE-2026-2936
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress plugin Visitor Traffic Real Time Statistics cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Oracle Linux 8 : mysql:8.4 (ELSA-2026-6391)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6391 advisory. mecab mecab-ipadic mysql 8.4.8-1 - Rebase to 8.4.8 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2026-31934
CVE-2026-31934 - Suricata : A quadratic time complexity issue affects URL extraction in mime-encoded SMTP messages in Suricata versions 8.0.0–8.0.3, leading to potential performance degradation. The issue has been patched in version 8.0.4. Affected product: Suricata (IDS/IPS/NSM engine); root cau...
EUVD-2026-17046
A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the vulnerability as well...
CVE-2026-32423
Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements ASE: from n/a through <= 8.4.0...
mysql: Optimizer unspecified vulnerability (CPU Jan 2026)
Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network...
EUVD-2026-11951
Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements ASE: from n/a through <= 8.4.0...
CVE-2026-21393
Movable Type contains a stored cross-site scripting vulnerability in Edit Comment. If crafted input is stored by an attacker, arbitrary script may be executed on a logged-in user's web browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the...
CVE-2025-13375
IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...
CVE-2025-13375
IBM Common Cryptographic Architecture (CCA) versions affected: 7.5.52 and 8.4.82. The Red Hat/IBM bulletin and NVD entries indicate an unauthenticated user could execute arbitrary commands with elevated privileges on systems running these CCA releases. Affected platforms include IBM AIX, IBM i, I...
CVE-2026-24447
If malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user downloads and opens such a CSV file, the embedded code may be executed in the user's environment. Note that Movable Type 7 series and 8.4 series,...