77 matches found
CVE-2026-3237
In Octopus Server, a low-privileged user could exploit an API endpoint with insufficient permission validation to modify the signing key expiration and revocation time frames. The issue affects the API layer but does not allow exposure of signing keys. CVSS v4.0 base score 2.3 (LOW) with network ...
CVE-2026-3237
In affected versions of Octopus Server it was possible for a low-privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...
EUVD-2026-3237
A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly...
GHSA-3237-QQM7-MFV7
creationtimestamp | type | source
---|---|---
2026-01-08 23:06:31+00:00 | published-proof-of-concept | Telegram/cKPc-ot7q59oJlAnZ-7jvmlHxodzTn6vxzXmtBFpdCfArg...
Linux Distros Unpatched Vulnerability : CVE-2011-3237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and...
CVE-2025-3237 Tenda FH1202 wrlwpsset access control
A vulnerability was found in Tenda FH1202 1.2.0.14408. It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public an...
WordPress ConvertPlus Plugin <= 3.5.25 is vulnerable to Broken Access Control
Software: ConvertPlus; Type: Plugin; Vulnerable versions: <= 3.5.25; Fixed in: 3.5.26; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3237; Patch priority: Low; CVSS severity: Low 5.4; PSID: 5a31149e9135; Credits: M.Awad; Required privilege...
CVE-2024-3237
CVE-2024-3237 affects ConvertPlug/ConvertPlus for WordPress: all versions up to 3.5.25 lack a capability check in cp_dismiss_notice(), enabling authenticated users with subscriber-level access and higher to modify arbitrary options to true. Red Hat and Wordfence references confirm the vulnerabili...
CVE-2023-3237
Summary (CVE-2023-3237): OTCMS versions up to 6.62 are affected by a vulnerability where credential handling allows a hard-coded password when the input is the admin username/password. This stems from vulnerable code paths that can be triggered during authentication and has been publicly disclose...
CVE-2023-3237 OTCMS hard-coded password
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier ...
CVE-2022-3237
creationtimestamp | type | source
---|---|---
2022-10-31 19:38:21+00:00 | seen | https://t.me/cibsecurity/52305...
CVE-2022-3237
The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-3237
CVE-2022-3237 affects the WP Contact Slider WordPress plugin prior to version 2.4.8. Root cause: the plugin does not sanitize and escape its settings, allowing a high-privilege user (e.g., admin) to perform cross-site scripting even when unfiltered_html is disallowed. Impact: stored XSS that can ...
CVE-2022-3237 WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting
The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Slackware: Security Advisory (SSA:2015-302-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:3237-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:3237-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 8 : thunderbird (CESA-2019:3237)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:3237 advisory. - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total Security...