98 matches found
@antv/xflow (>=2.0.1 <=2.2.4), @antv/xflow-diff (=1.0.0) +42 more potentially affected by unknown CVE via @antv/x6-plugin-export (=2.1.6)
@antv/x6-plugin-export NPM version =2.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/x6-plugin-export and may be impacted: - @antv/xflow =2.0.1, =0.0.1, =0.0.1, =0.0.3, =0.6.1, =0.1.27, =0.1.1, =0.0.4, =2.0.4, =0.0.27, =3.0.0, =0.0.3, =0.3.2...
MiracleLinux 9 : thunderbird-91.13.0-1.el9.ML.1 (AXSA:2022-4103:21)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4103:21 advisory. Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472). Mozilla: Cross-origin XSLT Documents would have inherited the parent's...
SUSE: Security Advisory (SUSE-SU-2025:4103-1)
The remote host is missing an update for the...
CVE-2025-4103
creationtimestamp | type | source
---|---|---
2025-05-31 07:12:29+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqh6zvdkpid2
2025-05-31 09:37:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqhh5uz7v42q

...
CVE-2025-4103 WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their...
WordPress WP-GeoMeta plugin 0.3.4-0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function vulnerability
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function vulnerability discovered by kr0d in WordPress Plugin WP-GeoMeta versions 0.3.4-0.3.5...
CVE-2022-4103
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated user, such as a subscriber, to create a post as well as any post type with an...
CVE-2021-4103
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34...
DLA-4103-1 suricata - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2015-4103
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a...
CVE-2024-4103
CVE-2024-4103 affects ADFO – Custom data in admin dashboard for WordPress. It is a CSRF vulnerability in all versions up to 1.9.0 caused by missing/incorrect nonce validation on functions hooked via the controller() function, enabling unauthenticated attackers to edit plugin settings if a site ad...
CVE-2024-4103 ADFO – Custom data in admin dashboard <= 1.9.0 - Cross-Site Request Forgery
The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller function. This makes it possible for...
RHEL 7 / 8 : OpenShift Virtualization 4.9.0 RPMs (RHSA-2021:4103)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4103 advisory. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains...
Malicious code in wlwz-2312-4103 (npm)
Source: ghsa-malware (9f29704fd46ad198db6daadf06edc47af0b09afaa4a3dcd2ca1d053d49dcaf1b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-542 Malicious code in wlwz-2312-4103 (npm)
Source: ghsa-malware (9f29704fd46ad198db6daadf06edc47af0b09afaa4a3dcd2ca1d053d49dcaf1b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE SLES15 Security Update : buildah (SUSE-SU-2023:4103-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4103-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2023-4103
creationtimestamp | type | source
---|---|---
2023-10-03 16:41:29+00:00 | seen | https://t.me/cibsecurity/71501

...
CVE-2023-4103
QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...
CVE-2023-4103
CVE-2023-4103 describes a remote SQL injection in IDM Sistemas QSige caused by improper input parameter filtering in the web application. This leads to potential SQL injections, information disclosure, and Denial of Service, with all three CIA impacts rated High. A prerequisite for exploitation i...