CVE-2025-69053

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.4...

CVE-2025-69048

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.4...

CVE-2025-69053

CVE-2025-69053 describes a Reflected XSS in the Universal Video Player WordPress plugin (universal-video-player) affecting version(s) up to 3.8.4. The issue is caused by improper input neutralization during web page generation. Public sources in the provided documents confirm the vulnerability an...

CVE-2025-69053 WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.4...

CVE-2025-69048 WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through = 3.8.4...

CVE-2025-69048

CVE-2025-69048 — WordPress Universal Video Player (LambertGroup) (versions ≤ 3.8.4) : The issue is a Reflected XSS caused by improper input neutralization during web page generation. Public entries (NVD/Red Hat/CVE List) confirm the vulnerability and affected range. Exploitation status is not det...

WordPress plugin Universal Video Player has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-4136

Name of the Vulnerable Software and Affected Versions LambertGroup Universal Video Player versions through 3.8.4 Description The Universal Video Player software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting XSS. This...

WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Universal Video Player versions = 3.8.4...

PT-2025-43712

Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.8.4 Description The Tutor LMS plugin for WordPress is affected by a sensitive information exposure issue. Authenticated attackers with tutor-level access or higher can view assignments from courses they are not...

PT-2025-43711

Name of the Vulnerable Software and Affected Versions Tutor LMS Pro versions prior to 3.8.4 Description The Tutor LMS Pro plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of proper validation on a user-controlled key when handling assignment...

EUVD-2013-1855

Malware in sbrugna...

EUVD-2025-27710

Malicious code in bioql PyPI...

EUVD-2023-35202

Malicious code in bioql PyPI...

EUVD-2021-31482

Malicious code in bioql PyPI...

EUVD-2021-31483

Malicious code in bioql PyPI...

CVE-2024-37934

Improper Control of Generation of Code 'Code Injection' vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4...

CVE-2023-30859

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...

DEBIAN-CVE-2025-22145

Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are a...

GHSA-J3F9-P6HM-5W6Q Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Impact Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers...