5093 matches found

OSV
added 2025/05/29 9:4 a.m., 2 views

SUSE-SU-2025:01537-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.40 - CVE-2025-31650: invalid priority field values should be ignored bsc1242008 - CVE-2025-31651: Better handling of URLs with literal ';' and '?' bsc1242009 Full changelog:...

CVSS: 9.8, AI score: 6.8, EPSS: 0.66365
Exploits: 6, References: 5

Patchstack
added 2025/05/28 10:6 p.m., 7 views

WordPress Bold Page Builder plugin <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Bold Page Builder versions <= 5.3.6...

CVSS: 6.4, AI score: 5.2, EPSS: 0.00333
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/05/28 9:57 p.m., 9 views

WordPress Smash Balloon Instagram Feed plugin <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin Instagram Feed versions <= 6.9.0...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00188
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/05/27 1:20 a.m., 8 views

WordPress Property plugin 1.0.5-1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role Metadata in PayPal Registration vulnerability

Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role Metadata in PayPal Registration vulnerability discovered by kr0d in WordPress Plugin Property versions 1.0.5-1.0.6...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00373
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/05/23 10:8 p.m., 7 views

WordPress eMagicOne Store Manager for WooCommerce plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() vulnerability

Unauthenticated Arbitrary File Upload via set_file() vulnerability discovered by Ryan Kozak in WordPress Plugin eMagicOne Store Manager versions <= 1.2.5...

CVSS: 9.8, AI score: 6.7, EPSS: 0.01125
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2025/05/23 9:43 p.m., 3 views

WordPress WP SMTP plugin <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email vulnerability

Unauthenticated Stored Cross-Site Scripting via Email vulnerability discovered by zer0gh0st in WordPress Plugin WP SMTP versions <= 2.1.5...

CVSS: 7.2, AI score: 5.5, EPSS: 0.00347
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/23 7:33 a.m., 4 views

CVE-2024-22247

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be...

CVSS: 4.8, AI score: 6.8, EPSS: 0.00215
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:35 p.m., 6 views

CVE-2022-34643

RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priority when accessing memory...

CVSS: 5.5, AI score: 7, EPSS: 0.00213
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:27 p.m., 6 views

CVE-2022-29944

An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intent does not redirect to a new path, even if a new intent that shares the path with higher priority is installed...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00758
Exploits: 1, References: 1

Patchstack
added 2025/05/22 8:15 p.m., 6 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin < 8.4.0 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Blog2Social versions < 8.4.0...

CVSS: 5.4, AI score: 7.9, EPSS: 0.00254
Exploits: 1, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/22 7:28 p.m., 5 views

CVE-2021-26832

Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute JavaScript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00846
Exploits: 0, References: 1

Patchstack
added 2025/05/22 5:43 p.m., 6 views

WordPress Infocob CRM Forms plugin <= 2.4.0 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by astra.r3verii in WordPress Plugin Infocob CRM Forms versions <= 2.4.0...

CVSS: 4.9, AI score: 6.8, EPSS: 0.00448
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/05/22 4:54 p.m., 6 views

CVE-2020-9299

There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00563
Exploits: 0, References: 1

Patchstack
added 2025/05/22 1:7 p.m., 7 views

WordPress MapSVG plugin < 8.6.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Anhchangmutrang Patchstack Alliance in WordPress Plugin MapSVG versions < 8.6.13...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00365
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/22 1:2 p.m., 10 views

WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - Limited .txt Path Traversal vulnerability

Limited .txt Path Traversal vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Advanced Database Cleaner PRO versions <= 3.2.10...

CVSS: 6.4, AI score: 6.8, EPSS: 0.00239
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/22 12:46 p.m., 4 views

WordPress Bus Ticket Booking with Seat Reservation for WooCommerce plugin <= 1.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Bus Ticket Booking with Seat Reservation for WooCommerce versions <= 1.7...

CVSS: 9.3, AI score: 7.8, EPSS: 0.00379
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/22 12:29 p.m., 9 views

WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Ryan Novotny in WordPress Plugin ReDi Restaurant Reservation versions <= 24.1209...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00191
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/22 11:41 a.m., 4 views

WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by stealthcopter in WordPress Plugin User Meta versions <= 3.1.2...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00235
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/21 12:14 p.m., 5 views

WordPress Ads Pro plugin <= 4.89 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyễn Trung Kiên anhchangmutrang in WordPress Plugin Ads Pro versions <= 4.89...

CVSS: 8.1, AI score: 5.9, EPSS: 0.00535
Exploits: 0, Affected Software: 1

Patchstack
added 2025/05/21 11:47 a.m., 5 views

WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin Tourmaster versions <= 5.3.8...

CVSS: 8.1, AI score: 6.7, EPSS: 0.00434
Exploits: 0, Affected Software: 1