CVE-2025-69055
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal. This issue affects BM Content Builder: from n/a through 3.16.3.3...
CVE-2025-69055 WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal. This issue affects BM Content Builder: from n/a through 3.16.3.3...
CVE-2025-69055
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in SeaTheme BM Content Builder allows Path Traversal. This issue affects BM Content Builder: from n/a before 3.16.3.3...
WordPress plugin BM Content Builder has a path traversal vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Bonds in WordPress Plugin BM Content Builder versions < 3.16.3.3...
WordPress BM Content Builder plugin <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin BM Content Builder versions <= 3.16.2.1...
SUSE SLES15 / openSUSE 15 : Recommended update for helm (SUSE-SU-SUSE-RU-2024:4213-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2024:4213-1 advisory. helm was updated to fix the following issues: Update to version 3.16.3: fix: fix label name Fix typo in...
WordPress plugin GiveWP – Donation Plugin and Fundraising Platform code issue vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2023-27936 · Calico · Calico Typha +1
Name of the Vulnerable Software and Affected Versions: Calico Typha versions 3.26.2 and below Calico Typha version 3.25.1 Calico Enterprise Typha versions 3.17.1 and below Calico Enterprise Typha version 3.16.3 Calico Enterprise Typha version 3.15.3 Description: The issue arises when a client TLS...
CVE-2023-38687
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
Cross site scripting
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
PT-2023-26551 · Svelecte · Svelecte
Name of the Vulnerable Software and Affected Versions: Svelecte versions prior to 3.16.3 Description: Svelecte item names are rendered as raw HTML with no escaping, allowing the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever ...
alist Incorrect Access Control vulnerability
alist =3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file...
AList code issue vulnerability
AList is a file listing program with multi-storage support by the individual developer Xhofe in China. A security vulnerability exists in AList 3.16.3 and earlier versions, which stems from an access control error that allows users with low privileges to upload arbitrary files...
SUSE CVE-2022-3509
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...
UBUNTU-CVE-2022-3509
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...
UBUNTU-CVE-2022-3171
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
PT-2022-5139 · Google +4 · Protobuf-Java +6
Name of the Vulnerable Software and Affected Versions: protobuf-java versions prior to 3.21.7 protobuf-java versions prior to 3.20.3 protobuf-java versions prior to 3.19.6 protobuf-java versions prior to 3.16.3 Jira Service Management affected versions not specified Jira Work Management affected...
PT-2014-5429 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.16.3 Description: The issue is related to the associative-array implementation in the Linux kernel, specifically the assoc_array_gc function, which does not properly implement garbage collection. This allows...
PT-2014-7217 · Red Hat +3 · Ceph +3
Name of the Vulnerable Software and Affected Versions: Ceph versions prior to 3.16.3 Linux kernel versions prior to 3.16.3 Description: The issue is related to the improper validation of auth replies in the net/ceph/auth_x.c component. This can be exploited by remote attackers using crafted data...