81 matches found
HP LaserJet Printers Path Traversal (CVE-2010-4107)
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers...
@antv/xflow (>=2.0.1 <=2.2.4), @antv/xflow-diff (=1.0.0) +47 more potentially affected by unknown CVE via @antv/x6-plugin-scroller (>=2.0.10 <=2.0.9)
@antv/x6-plugin-scroller NPM version =2.0.10, =2.0.1, =0.0.1, =0.0.4, =1.2.0, =1.12.1, =2.0.4, =0.0.27, =3.0.0, =3.3.1-alpha.2, =0.0.1-alpha.6, =0.0.9, =0.1.8 and more. Source CVEs: unknown CVE. Source advisory: OSV:MAL-2026-4107...
CVE-2026-4107
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-03 13:19:05+00:00 | seen | Telegram/YV8cS3UbatxDTGe0fjayhbeNknefcE-s36BQ9lt853A06hI |
| 2026-04-03 13:19:23+00:00 | seen | Telegram/QqwQTSXFRfWkuAVwlsaqg6mFQm4R2dirgmJdEmZNl5G-CtQ |
| 2026-04-04 02:40:10+00:00 | seen | ... |
EUVD-2026-4107
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Magic Slider magicslider allows Reflected XSS. This issue affects Magic Slider: from n/a through = 2.2...
CVE-2023-4107
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name...
CVE-2022-4107
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, and does not validate the file to be downloaded, allowing any authenticated user, such as a subscriber, to download arbitrary files from the server...
CVE-2021-4107
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2012-4107
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489...
SUSE: Security Advisory (SUSE-SU-2024:4107-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2024:4107-1)
The remote host is missing an update for the...
CVE-2024-4107 Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Elementor Pro Plugin <= 3.21.0 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor Pro; Type: Plugin; Vulnerable versions: <= 3.21.0; Fixed in: 3.21.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4107; Patch priority: Low; CVSS severity: Low (6.5); PSID: 5e068ca3d9a8; Credits: wesley wcraft; Required...
CVE-2013-4107
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-04 08:37:06+00:00 | seen | https://t.me/ctinow/178723... |
Malicious code in wlwz-2312-4107 (npm)
Source: ghsa-malware b6c6a26ea02c6de60bd98235d25b3647361a59a83bfc29430cc00db46abea28f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-4107
| creationtimestamp | type | source |
|---|---|---|
| 2023-08-11 12:27:16+00:00 | seen | https://t.me/cibsecurity/68321... |
CVE-2023-4107
Mattermost: Incorrect authorization allows a user manager to update a system admin’s details (email, first name, last name) due to inadequate permission checks. Affects Mattermost server implementations documented across Red Hat, EUVD/ENISA, VERACODE, OSV, GHSA and NVD entries. The issue is descr...
CVE-2023-4107 Incorrect authorization allows a user manager to update a system admin
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name...
CVE-2022-4107
| creationtimestamp | type | source |
|---|---|---|
| 2022-12-19 16:10:40+00:00 | seen | https://t.me/cibsecurity/54865... |
CVE-2022-4107 SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download
The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, and does not validate the file to be downloaded, allowing any authenticated user, such as a subscriber, to download arbitrary files from the server...
CVE-2022-4107
The CVE-2022-4107 issue affects the WordPress SMSA Shipping for WooCommerce plugin prior to version 1.0.5. Affected functionality allows authenticated users (e.g., subscribers) to download arbitrary server files due to missing authorization checks, CSRF protection, and file validation. Consequenc...