medusa-plugin-momo (>=0.0.48 <=0.0.67), medusa-plugin-zalopay (>=0.0.28 <=0.0.39) potentially affected by unknown CVE via medusa-plugin-logs (>=0.0.1 <=0.0.16)

medusa-plugin-logs NPM version =0.0.1, =0.0.48, =0.0.28, =0.0.39 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191128...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

EUVD-2025-198826

Malicious code in medusa-plugin-momo npm...

Malicious code in medusa-plugin-momo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4670d82d1db3b1865426e69d47798cb98aaed8be48cec99e86be3741872aa936 The package medusa-plugin-momo was found to contain malicious code. Source: ghsa-malware...

MAL-2025-190850 Malicious code in medusa-plugin-momo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4670d82d1db3b1865426e69d47798cb98aaed8be48cec99e86be3741872aa936 The package medusa-plugin-momo was found to contain malicious code. Source: ghsa-malware...

EUVD-2024-49648

Malicious code in bioql PyPI...

CVE-2019-13099

The Momo application 2.1.9 for Android stores confidential information insecurely on the system i.e., in cleartext, which allows a non-root user to find out the username/password of a valid user and a user's access token via Logcat...

MAL-2025-3125 Malicious code in vue-device-momo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ae0b6eb55ed48ce32781c980e9b2dd1a16d1ef0bc62b3652e65ddad9e3da0f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vue-device-momo (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ae0b6eb55ed48ce32781c980e9b2dd1a16d1ef0bc62b3652e65ddad9e3da0f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2576 Malicious code in momo-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 81d74db94da3274b3d9b70e5de7f5b926c9c1af17a6d2a6b733d63a4cbacdf41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in momo-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 81d74db94da3274b3d9b70e5de7f5b926c9c1af17a6d2a6b733d63a4cbacdf41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-8914

The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wpksesallowedhtml function, which allows the 'onclick' attribute for...

CVE-2024-8914 Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting

The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wpksesallowedhtml function, which allows the 'onclick' attribute for...

PT-2024-39315

Name of the Vulnerable Software and Affected Versions: Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the w...

momo-net.com Cross Site Scripting vulnerability OBB-3939109

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Malicious code in momo-audiences (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2670 Malicious code in momo-audiences (npm)

--- -= Per source details. Do not edit below this line.=-...

momo-lune.com Cross Site Scripting vulnerability OBB-3900368

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Malicious code in @momo-miniapp/apix (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 351e83f78d4df4b622201021ad8c9174b5816c9d1488ba1d409306c9353919d6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

momo-natural.co.jp Cross Site Scripting vulnerability OBB-1370036

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...