WordPress affiliate-toolkit plugin <= 3.8.7 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by Nguyen Quang Truong in WordPress Plugin affiliate-toolkit versions = 3.8.7...

PT-2026-28728

Name of the Vulnerable Software and Affected Versions elecV2 versions prior to 3.8.4 Description A path traversal issue exists due to the manipulation of the path.join function within the /log/ file of the Wildcard Handler component. This allows for remote exploitation. The project was notified o...

PT-2026-28725

Name of the Vulnerable Software and Affected Versions elecV2 versions prior to 3.8.4 Description A code injection issue exists in the JSON Parser component due to manipulation of the rawcode argument within the runJSFile function of the /webhook file. Remote exploitation is possible. The project...

PT-2026-28726

Name of the Vulnerable Software and Affected Versions elecV2 versions prior to 3.8.4 Description A flaw exists in elecV2, specifically in the pm2run function within the /rpc file. A manipulation of this function can lead to operating system command injection. This issue can be exploited remotely...

CVE-2025-69048

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.4...

CVE-2025-69053

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.4...

CVE-2025-69053

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.4...

CVE-2025-69048

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.4...

CVE-2025-69053

CVE-2025-69053 describes a Reflected XSS in the Universal Video Player WordPress plugin (universal-video-player) affecting version(s) up to 3.8.4. The issue is caused by improper input neutralization during web page generation. Public sources in the provided documents confirm the vulnerability an...

CVE-2025-69053 WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.4...

CVE-2025-69048 WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.4...

CVE-2025-69048

CVE-2025-69048 — WordPress Universal Video Player (LambertGroup) (versions ≤ 3.8.4) : The issue is a Reflected XSS caused by improper input neutralization during web page generation. Public entries (NVD/Red Hat/CVE List) confirm the vulnerability and affected range. Exploitation status is not det...

WordPress plugin Universal Video Player has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Universal Video Player has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4136

Name of the Vulnerable Software and Affected Versions LambertGroup Universal Video Player versions through 3.8.4 Description The Universal Video Player software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting XSS. This...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000658)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000658 advisory. The kvmsetmsrcommon function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required timepage alignment during an MSRKVMSYSTEMTIME...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002084)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002084 advisory. The kvmsetmsrcommon function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required timepage alignment during an MSRKVMSYSTEMTIME...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000711)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000711 advisory. fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to...

WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Universal Video Player versions = 3.8.4...

Siemens SIMATIC S7-1500 Untrusted Search Path (CVE-2020-15801)

In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. The .pth file e.g., the python.pth file is not affected. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...