Vulnerabilities (CVE)

Total 365258 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27775 1 Liveaction 1 Livesp 2026-07-09 N/A 5.4 MEDIUM
A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload.
CVE-2023-27667 1 Auto Dealer Management System Project 1 Auto Dealer Management System 2026-07-09 N/A 9.8 CRITICAL
Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.
CVE-2023-27666 1 Auto Dealer Management System Project 1 Auto Dealer Management System 2026-07-09 N/A 6.1 MEDIUM
Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings.
CVE-2023-27249 1 Swftools 1 Swftools 2026-07-09 N/A 5.5 MEDIUM
swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.
CVE-2023-27243 1 Makves 1 Dcap 2026-07-09 N/A 7.5 HIGH
An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.
CVE-2023-27237 1 Lavalite 1 Lavalite 2026-07-09 N/A 6.1 MEDIUM
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.
CVE-2023-27216 1 Dlink 2 Dsl-3782, Dsl-3782 Firmware 2026-07-09 N/A 8.8 HIGH
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.
CVE-2023-27167 1 Supremainc 1 Biostar 2 2026-07-09 N/A 6.5 MEDIUM
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.
CVE-2023-27164 1 Halo 1 Halo 2026-07-09 N/A 4.8 MEDIUM
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.
CVE-2023-27163 1 Rbaskets 1 Request Baskets 2026-07-09 N/A 6.5 MEDIUM
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
CVE-2023-27162 1 Openapi-generator 1 Openapi Generator 2026-07-09 N/A 9.1 CRITICAL
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
CVE-2023-27161 1 Jellyfin 1 Jellyfin 2026-07-09 N/A 7.5 HIGH
Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
CVE-2023-27160 1 Forem 1 Forem 2026-07-09 N/A 7.2 HIGH
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
CVE-2023-27159 1 Appwrite 1 Appwrite 2026-07-09 N/A 7.5 HIGH
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
CVE-2023-27126 1 Tp-link 2 Tapo C200, Tapo C200 Firmware 2026-07-09 N/A 4.6 MEDIUM
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.
CVE-2023-27098 1 Tp-link 2 Tapo, Tapo C200 2026-07-09 N/A 7.5 HIGH
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
CVE-2023-27000 1 Netscout 1 Ngeniusone 2026-07-09 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s).
CVE-2023-26999 1 Netscout 1 Ngeniusone 2026-07-09 N/A 9.8 CRITICAL
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.
CVE-2023-26998 1 Netscout 1 Ngeniusone 2026-07-09 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.
CVE-2023-26979 1 Bluetens 1 Bluetensq 2026-07-09 N/A 3.1 LOW
Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication.