29 matches found
SUSE-SU-2025:4196-1 Security update for grub2
This update for grub2 fixes the following issues:
- CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930)
- CVE-2025-54771: Fixed grub_file_close does not properly control the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in...
CVE-2025-12086
The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wpsrmacancelreturnrequest' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for...
EUVD-2024-18536
Malicious code in bioql PyPI...
EUVD-2022-2998
Malicious code in bioql PyPI...
EUVD-2025-21855
Malicious code in bioql PyPI...
CVE-2025-6222
The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'cedrnxorderexchangeattachfiles' function in all versions up to, and including, 3.2.6. This...
CVE-2025-6222 WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload
The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'cedrnxorderexchangeattachfiles' function in all versions up to, and including, 3.2.6. This...
MAL-2025-5205 Malicious code in rma-shared (npm)
Source: ghsa-malware (afd3860d2c559adbec7c4b9f7969ba91923264af177c77229e3f4a50e31f9ac7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-20821
A vulnerability that makes it possible to reconfigure OTP allows local attackers to transition into RMA (Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control TEE...
CVE-2024-20821
CVE-2024-20821 affects Samsung Exynos SoCs (e.g., Exynos1380, Exynos1330, Exynos2400) where a vulnerability allows a local attacker to reconfigure OTP and transit into RMA mode, disabling security features. The underlying issue is a reconfigurable OTP that requires an additional privilege to cont...
BIT-MAGENTO-2021-28583 Magento Commerce insecure storage of sensitive documentation
Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources...
rma-abbeville.fr Cross Site Scripting vulnerability OBB-3864050
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-2417
A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch t...
PT-2023-19457 · Ks Soft · Advanced Host Monitor
Name of the Vulnerable Software and Affected Versions: ks-soft Advanced Host Monitor versions up to 12.56. Description: A vulnerability was found in the software, classified as problematic, affecting some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The...
New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices
A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users...
Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources...