96 matches found
CVE-2026-4237
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argument Home can lead to SQL injection. The attack may be performed from remote. The exploit has been...
CVE-2026-4237 itsourcecode Free Hotel Reservation System index.php sql injection
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argument Home can lead to SQL injection. The attack may be performed from remote. The exploit has been...
CVE-2026-4237
CVE-2026-4237 affects itsourcecode Free Hotel Reservation System 1.0. The vulnerability is an SQL injection in the admin reporting page, specifically /hotel/admin/mod_reports/index.php, triggered by manipulating the Home parameter. The issue is exploitable remotely with no authentication required...
MiracleLinux 4 : glibc-2.12-1.149.AXS4 (AXSA:2014-607:06)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-607:06 advisory. Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory...
MINI-4237-P8H6-F6R6
Bulletin has no description...
CVE-2022-4237
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a...
CVE-2025-4237
creationtimestamp | type | source
---|---|---
2025-05-03 15:19:06+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14695
2025-05-03 16:38:46+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lobq6adw53s2
2025-05-03...
Linux Distros Unpatched Vulnerability : CVE-2010-4237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate...
openSUSE: Security Advisory for the Linux Kernel (Live Patch 47 for SLE 15 SP3) (SUSE-SU-2024:4237-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AlmaLinux 8 : go-toolset (ALSA-2024:4237)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4237 advisory. golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6...
Oracle Linux 8 : go-toolset (ELSA-2024-4237)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4237 advisory. - Update to Go1.21.11 to address CVE-2024-24789 and CVE-2024-24790 - Rebase to Go1.21.11 that includes fixes for CVE-2024-24789 and CVE-2024-24790...
CVE-2021-4237
Rejected reason: reserved but not needed...
CVE-2024-4237 Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow
A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...
CVE-2023-4237
creationtimestamp | type | source
---|---|---
2023-10-04 18:12:26+00:00 | seen | https://t.me/cibsecurity/71591...
CVE-2023-4237
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availabili...
CVE-2023-4237
The CVE-2023-4237 issue affects Red Hat Ansible Automation Platform: when creating a new keypair, the ec2_key module prints the private key to stdout, enabling leakage via logs and compromising confidentiality, integrity, and availability. Remediation is available: upgrade to the latest release (...
Cisco Nexus Operating System Devices Command Line Interface Local Privilege Escalation (CVE-2015-4237)
The CLI parser in Cisco NX-OS 4.12E11, 6.211b, 6.212, 7.20ZZ99.1, 7.20ZZ99.3, and 9.11SV13.1.8 on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and...
CVE-2022-4237
creationtimestamp | type | source
---|---|---
2023-01-03 00:16:39+00:00 | seen | https://t.me/cibsecurity/55747
2025-04-10 18:49:35+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11316...
CVE-2022-4237
The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in file_exist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a...
CVE-2022-4237
The CVE-2022-4237 issue affects the Welcart e-Commerce WordPress plugin up to version 2.8.6. The vulnerability arises because the plugin does not validate user input before using it in file_exist() functions via various AJAX actions accessible to authenticated users, enabling PHAR deserialisation...