Vulnerabilities (CVE)

Total 365230 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-30057 1 Fico 1 Origination Manager Decision 2026-07-09 N/A 5.4 MEDIUM
Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-30056 1 Fico 1 Origination Manager Decision 2026-07-09 N/A 7.5 HIGH
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.
CVE-2023-29863 1 Medisys 1 Weblab 2026-07-09 N/A 9.8 CRITICAL
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.
CVE-2023-29820 1 Webroot 1 Secureanywhere 2026-07-09 N/A 5.5 MEDIUM
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819.
CVE-2023-29819 1 Webroot 1 Secureanywhere 2026-07-09 N/A 5.5 MEDIUM
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload.
CVE-2023-29818 1 Webroot 1 Secureanywhere 2026-07-09 N/A 5.5 MEDIUM
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin.
CVE-2023-29778 1 Gl-inet 2 Gl-mt3000, Gl-mt3000 Firmware 2026-07-09 N/A 9.8 CRITICAL
GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread.
CVE-2023-29725 1 Bt21 X Bts Wallpaper Project 1 Bt21 X Bts Wallpaper 2026-07-09 N/A 5.5 MEDIUM
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.
CVE-2023-29724 1 Bt21 X Bts Wallpaper Project 1 Bt21 X Bts Wallpaper 2026-07-09 N/A 7.8 HIGH
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.
CVE-2023-27823 1 Optoma 1 1080pstx 2026-07-09 N/A 9.8 CRITICAL
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.
CVE-2023-27812 1 Bloofox 1 Bloofoxcms 2026-07-09 N/A 9.1 CRITICAL
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.
CVE-2023-27779 1 Amsystem 1 Am Presencia 2026-07-09 N/A 9.8 CRITICAL
AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form.
CVE-2023-27775 1 Liveaction 1 Livesp 2026-07-09 N/A 5.4 MEDIUM
A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload.
CVE-2023-27667 1 Auto Dealer Management System Project 1 Auto Dealer Management System 2026-07-09 N/A 9.8 CRITICAL
Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.
CVE-2023-27666 1 Auto Dealer Management System Project 1 Auto Dealer Management System 2026-07-09 N/A 6.1 MEDIUM
Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings.
CVE-2023-27249 1 Swftools 1 Swftools 2026-07-09 N/A 5.5 MEDIUM
swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.
CVE-2023-27243 1 Makves 1 Dcap 2026-07-09 N/A 7.5 HIGH
An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.
CVE-2023-27237 1 Lavalite 1 Lavalite 2026-07-09 N/A 6.1 MEDIUM
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.
CVE-2023-27216 1 Dlink 2 Dsl-3782, Dsl-3782 Firmware 2026-07-09 N/A 8.8 HIGH
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.
CVE-2023-27167 1 Supremainc 1 Biostar 2 2026-07-09 N/A 6.5 MEDIUM
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.