EUVD-2025-7968

Malicious code in bioql PyPI...

Malicious code in @capacitor-bmo/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 73144f96ecbe009cff465503e7a7c8d70408d0a85196d3b8faefbd6809a731e8 The OpenSSF Package Analysis project identified '@capacitor-bmo/common' @ 99.0.1 npm as malicious. It is considered malicious because: - The...

CVE-2025-30539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benedikt Mo BMo Expo bmo-expo allows Stored XSS.This issue affects BMo Expo: from n/a through = 1.0.15...

CVE-2025-30539

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benedikt Mo BMo Expo bmo-expo allows Stored XSS.This issue affects BMo Expo: from n/a through = 1.0.15...

CVE-2025-30539 WordPress BMo Expo plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benedikt Mo BMo Expo allows Stored XSS. This issue affects BMo Expo: from n/a through 1.0.15...

CVE-2025-30539 WordPress BMo Expo plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Benedikt Mo BMo Expo bmo-expo allows Stored XSS.This issue affects BMo Expo: from n/a through = 1.0.15...

CVE-2025-30539

CVE-2025-30539 describes an authenticated Stored Cross-Site Scripting vulnerability in the WordPress/BMo Expo plugin. The vulnerability affects versions up to 1.0.15, with exploit potential requiring authentication. The connected Wordfence vulnerability entry labels it as an authentication‑requir...

WordPress BMo Expo plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin BMo Expo versions = 1.0.15...

WordPress plugin BMo Expo 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

openSUSE Security Advisory (SUSE-SU-2024:3731-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:3112-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 115.14 fixed: When using an external installation of GnuPG, Thunderbird occassionally sent/received corrupted messages fixed: Users of external GnuPG were unable to decrypt incorrectly encoded messages bmo1906903...

GHSA-9WH7-397J-722M Ironic and ironic-inspector may expose as ConfigMaps

Impact Ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management...

CVE-2023-30841

Baremetal Operator (BMO) pre-0.3.0 stores ironic and ironic-inspector .htpasswd credentials as ConfigMaps, exposing plain-text usernames and hashed passwords to anyone with cluster-wide read access or etcd access. The issue is fixed in BMO release 0.3.0 and via PR #1241. Affected component: Barem...

Security update for MozillaFirefox (important)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:1367-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...

SUSE: Security Advisory (SUSE-SU-2015:1380-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2020:0003-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for MozillaFirefox (important)

This update for MozillaFirefox fixes the following issues: - update to Firefox 52.6esr boo1077291 MFSA 2018-01 Speculative execution side-channel attack "Spectre" MFSA 2018-03 CVE-2018-5091 bmo1423086 Use-after-free with DTMF timers CVE-2018-5095 bmo1418447 Integer overflow in Skia library during...

openSUSE Security Update : mozilla-nss (openSUSE-2017-504)

Mozilla-nss was updated to 3.28.4 to fix the following issues : Security issues : - CVE-2016-9574: Allow use of session tickets when there is no ticket wrapping key boo1015499, bmo1320695 Non security issues : - A rare crash when initializing an SSL socket fails has been fixed bmo1342358 - Rare...

Security update for Mozilla Thunderbird (important)

This update contains Mozilla Thunderbird 45.5.1 and fixes one vulnerability. In Mozilla Thunderbird, this vulnerability may be exploited when used in a browser-like context. - CVE-2016-9079: SVG Animation Remote Code Execution MFSA 2016-92, bsc1012964, bmo1321066...

openSUSE Security Update : MozillaThunderbird (openSUSE-2016-1057)

This update for MozillaThunderbird fixes the following issues : - update to Thunderbird 45.3.0 boo991809 - Disposition-Notification-To could not be used in mail.compose.other.header - 'edit as new message' on a received message pre-filled the sender as the composing identity. - Certain messages...