36 matches found
Important: Red Hat Security Advisory: Red Hat Quay 3.16.3
Red Hat Quay 3.16.3 is now available with bug fixes. Quay 3.16.3...
CVE-2025-69055
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal. This issue affects BM Content Builder: from n/a through 3.16.3.3...
CVE-2025-69055 WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal. This issue affects BM Content Builder: from n/a through 3.16.3.3...
CVE-2025-69055
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SeaTheme BM Content Builder allows Path Traversal. This issue affects BM Content Builder: from n/a before 3.16.3.3...
WordPress plugin BM Content Builder has a path traversal vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002475)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002475 advisory. The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002229)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002229 advisory. Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and...
WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Bonds in WordPress Plugin BM Content Builder versions < 3.16.3.3...
WordPress BM Content Builder plugin <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin BM Content Builder versions <= 3.16.2.1...
SUSE SLES15 / openSUSE 15 : Recommended update for helm (SUSE-SU-SUSE-RU-2024:4213-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2024:4213-1 advisory. helm was updated to fix the following issues: Update to version 3.16.3: fix: fix label name; Fix typo in...
SUSE-RU-2024:4213-1 Recommended update for helm
helm was updated to fix the following issues: Update to version 3.16.3: fix: fix label name; Fix typo in pkg/lint/rules/chartfile_test.go; Increasing the size of the runner used for releases; fix(hooks): correct hooks delete order; Bump github.com/containerd/containerd from 1.7.12 to 1.7.23; Update to...
WordPress plugin GiveWP – Donation Plugin and Fundraising Platform code issue vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
WordPress GiveWP Plugin <= 3.16.3 is vulnerable to PHP Object Injection
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.16.3; Fixed in: 3.16.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-9634; Patch priority: High; CVSS severity: High (10); Developer: Liquid Web / StellarWP; PSID: a33794a83e6f; Credits: lefab; Required privilege: Unauthenticated...
PT-2023-27936 · Calico · Calico Typha +1
Name of the Vulnerable Software and Affected Versions: Calico Typha versions 3.26.2 and below; Calico Typha version 3.25.1; Calico Enterprise Typha versions 3.17.1 and below; Calico Enterprise Typha version 3.16.3; Calico Enterprise Typha version 3.15.3. Description: The issue arises when a client TLS...
CVE-2023-38687
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
Cross site scripting
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
CVE-2023-38687 Execution of arbitrary JavaScript from Svelecte item names
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
PT-2023-26551 · Svelecte · Svelecte
Name of the Vulnerable Software and Affected Versions: Svelecte versions prior to 3.16.3. Description: Svelecte item names are rendered as raw HTML with no escaping, allowing the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever...
alist Incorrect Access Control vulnerability
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file...
AList code issue vulnerability
AList is a file listing program with multi-storage support by the individual developer Xhofe in China. A security vulnerability exists in AList 3.16.3 and earlier versions, which stems from an access control error that allows users with low privileges to upload arbitrary files...