Total
365230 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30057 | 1 Fico | 1 Origination Manager Decision | 2026-07-09 | N/A | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2023-30056 | 1 Fico | 1 Origination Manager Decision | 2026-07-09 | N/A | 7.5 HIGH |
| A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie. | |||||
| CVE-2023-29863 | 1 Medisys | 1 Weblab | 2026-07-09 | N/A | 9.8 CRITICAL |
| Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. | |||||
| CVE-2023-29820 | 1 Webroot | 1 Secureanywhere | 2026-07-09 | N/A | 5.5 MEDIUM |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819. | |||||
| CVE-2023-29819 | 1 Webroot | 1 Secureanywhere | 2026-07-09 | N/A | 5.5 MEDIUM |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | |||||
| CVE-2023-29818 | 1 Webroot | 1 Secureanywhere | 2026-07-09 | N/A | 5.5 MEDIUM |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. | |||||
| CVE-2023-29778 | 1 Gl-inet | 2 Gl-mt3000, Gl-mt3000 Firmware | 2026-07-09 | N/A | 9.8 CRITICAL |
| GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | |||||
| CVE-2023-29725 | 1 Bt21 X Bts Wallpaper Project | 1 Bt21 X Bts Wallpaper | 2026-07-09 | N/A | 5.5 MEDIUM |
| The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack. | |||||
| CVE-2023-29724 | 1 Bt21 X Bts Wallpaper Project | 1 Bt21 X Bts Wallpaper | 2026-07-09 | N/A | 7.8 HIGH |
| The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack. | |||||
| CVE-2023-27823 | 1 Optoma | 1 1080pstx | 2026-07-09 | N/A | 9.8 CRITICAL |
| An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. | |||||
| CVE-2023-27812 | 1 Bloofox | 1 Bloofoxcms | 2026-07-09 | N/A | 9.1 CRITICAL |
| bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. | |||||
| CVE-2023-27779 | 1 Amsystem | 1 Am Presencia | 2026-07-09 | N/A | 9.8 CRITICAL |
| AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form. | |||||
| CVE-2023-27775 | 1 Liveaction | 1 Livesp | 2026-07-09 | N/A | 5.4 MEDIUM |
| A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload. | |||||
| CVE-2023-27667 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2026-07-09 | N/A | 9.8 CRITICAL |
| Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-27666 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2026-07-09 | N/A | 6.1 MEDIUM |
| Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings. | |||||
| CVE-2023-27249 | 1 Swftools | 1 Swftools | 2026-07-09 | N/A | 5.5 MEDIUM |
| swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c. | |||||
| CVE-2023-27243 | 1 Makves | 1 Dcap | 2026-07-09 | N/A | 7.5 HIGH |
| An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API. | |||||
| CVE-2023-27237 | 1 Lavalite | 1 Lavalite | 2026-07-09 | N/A | 6.1 MEDIUM |
| LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. | |||||
| CVE-2023-27216 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2026-07-09 | N/A | 8.8 HIGH |
| An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. | |||||
| CVE-2023-27167 | 1 Supremainc | 1 Biostar 2 | 2026-07-09 | N/A | 6.5 MEDIUM |
| Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1. | |||||
