92 matches found
HT Mega < 3.0.7 - Sensitive Information Disclosure
The HT Mega plugin for WordPress is vulnerable to Sensitive Information Exposure via AJAX actions. This template dynamically extracts the security nonce before exploitation.
id: CVE-2026-4106
info:
  name: HT Mega 3.0.7 - Sensitive Information Disclosure
  author: EFETR
  severity: high
  description: |...
CVE-2026-4106
The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII such as full name, city, state and country of customers who placed orders in the last 7 days...
CVE-2026-4106
creationtimestamp | type | source
---|---|---
2026-04-12 01:00:04+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/79929
2026-04-12 02:46:41+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-4106.yaml
2026-04-12 03:00:07+00:00|...
Exploit for CVE-2026-4106
WordPress HTMega Unauthenti...
CVE-2023-4106
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks...
CVE-2025-4106
creationtimestamp | type | source
---|---|---
2025-10-24 23:06:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m3xygzvlrd2f...
Firebox T15 contains an issue with hidden functionality
Overview: Firebox T15 provided by WatchGuard Technologies contains the following vulnerability. Hidden functionality (CWE-912) - CVE-2025-4106. Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact: An attacker may log...
CVE-2011-4106
TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...
DLA-4106-1 jetty9 - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2015-4106
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain...
openSUSE Security Advisory (SUSE-SU-2024:4106-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-4106
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as...
CVE-2024-4106
Summary (CVE-2024-4106) Yokogawa FAST/TOOLS and CI Server are affected by an authentication issue due to built-in accounts with no passwords. Affected versions: FAST/TOOLS R9.01–R10.04 (Packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) and CI Server R1.01.00–R1.03.00. The CISA/ICS advisory details ...
CVE-2024-4106
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as...
CVE-2024-4106
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as...
CVE-2013-4106
creationtimestamp | type | source
---|---|---
2024-02-14 09:26:53+00:00 | seen | https://t.me/ctinow/184498...
MAL-2024-545 Malicious code in wlwz-2312-4106 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b51e13678f22e4ab360e099ddb1d7e34a4fd28ecec6418ddbd39b22f4c378ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-4106 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b51e13678f22e4ab360e099ddb1d7e34a4fd28ecec6418ddbd39b22f4c378ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-4106
creationtimestamp | type | source
---|---|---
2023-08-11 12:30:24+00:00 | seen | https://t.me/cibsecurity/68330...
CVE-2023-4106 A guest user can perform various actions on public playbooks
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks...