PT-2026-38893

Name of the Vulnerable Software and Affected Versions Auto Affiliate Links versions prior to 6.8.9 Description The plugin is subject to Stored Cross-Site Scripting due to insufficient input sanitization of the url POST parameter within the aal url stats save action function and a lack of output...

PT-2026-29355

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The AVideo admin panel does not properly encode plugin configuration values when rendering them in HTML forms. The jsonToFormElements function in admin/functions.php directly interpolates...

PT-2026-7160

Name of the Vulnerable Software and Affected Versions PlaciPy version 1.0.0 Description PlaciPy is a placement management system for educational institutions. Version 1.0.0 allows user-controlled query parameters to be passed directly into DynamoDB query/filter construction without validation or...

Microchip RN4870 输入验证错误漏洞

The Microchip RN4870 is a Bluetooth low energy module chip from Microchip, Inc. The Microchip RN4870 suffers from an input validation error vulnerability that stems from the fact that when the device receives multiple PairReqNoInputNoOutput requests in a row, it will not be able to complete the...

UBUNTU-CVE-2018-11805

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party ....