Total
365258 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27775 | 1 Liveaction | 1 Livesp | 2026-07-09 | N/A | 5.4 MEDIUM |
| A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload. | |||||
| CVE-2023-27667 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2026-07-09 | N/A | 9.8 CRITICAL |
| Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2023-27666 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2026-07-09 | N/A | 6.1 MEDIUM |
| Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings. | |||||
| CVE-2023-27249 | 1 Swftools | 1 Swftools | 2026-07-09 | N/A | 5.5 MEDIUM |
| swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c. | |||||
| CVE-2023-27243 | 1 Makves | 1 Dcap | 2026-07-09 | N/A | 7.5 HIGH |
| An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API. | |||||
| CVE-2023-27237 | 1 Lavalite | 1 Lavalite | 2026-07-09 | N/A | 6.1 MEDIUM |
| LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. | |||||
| CVE-2023-27216 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2026-07-09 | N/A | 8.8 HIGH |
| An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. | |||||
| CVE-2023-27167 | 1 Supremainc | 1 Biostar 2 | 2026-07-09 | N/A | 6.5 MEDIUM |
| Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1. | |||||
| CVE-2023-27164 | 1 Halo | 1 Halo | 2026-07-09 | N/A | 4.8 MEDIUM |
| An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | |||||
| CVE-2023-27163 | 1 Rbaskets | 1 Request Baskets | 2026-07-09 | N/A | 6.5 MEDIUM |
| request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. | |||||
| CVE-2023-27162 | 1 Openapi-generator | 1 Openapi Generator | 2026-07-09 | N/A | 9.1 CRITICAL |
| openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. | |||||
| CVE-2023-27161 | 1 Jellyfin | 1 Jellyfin | 2026-07-09 | N/A | 7.5 HIGH |
| Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request. | |||||
| CVE-2023-27160 | 1 Forem | 1 Forem | 2026-07-09 | N/A | 7.2 HIGH |
| forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request. | |||||
| CVE-2023-27159 | 1 Appwrite | 1 Appwrite | 2026-07-09 | N/A | 7.5 HIGH |
| Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. | |||||
| CVE-2023-27126 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2026-07-09 | N/A | 4.6 MEDIUM |
| The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. | |||||
| CVE-2023-27098 | 1 Tp-link | 2 Tapo, Tapo C200 | 2026-07-09 | N/A | 7.5 HIGH |
| TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | |||||
| CVE-2023-27000 | 1 Netscout | 1 Ngeniusone | 2026-07-09 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). | |||||
| CVE-2023-26999 | 1 Netscout | 1 Ngeniusone | 2026-07-09 | N/A | 9.8 CRITICAL |
| An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | |||||
| CVE-2023-26998 | 1 Netscout | 1 Ngeniusone | 2026-07-09 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | |||||
| CVE-2023-26979 | 1 Bluetens | 1 Bluetensq | 2026-07-09 | N/A | 3.1 LOW |
| Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication. | |||||
