LiveActive security incident?Get immediate response
CVE archive

July 2023

Browse CVE records published in July 2023, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 2178 matching CVEs · Page 1 of 44.

Unknown · CVSS Not scored

CVE-2023-31824: An issue found in DERICIA Co.

An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.

Published Jul 13, 2023 · Updated Jul 5, 2026

Unknown · CVSS Not scored

CVE-2023-31821: An issue found in ALBIS Co.

An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function.

Published Jul 13, 2023 · Updated Jul 5, 2026

Unknown · CVSS Not scored

CVE-2023-31819: An issue found in KEISEI STORE Co, Ltd.

An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.

Published Jul 13, 2023 · Updated Jul 5, 2026

Low · CVSS 3.7

CVE-2023-32251: Kernel: ksmbd brute force delay bypass via asynchronous requests

A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms.

Published Jul 31, 2025 · Updated Jun 30, 2026

Medium · CVSS 5.9

CVE-2023-2593: Kernel: ksmbd memory exhaustion denial-of-service vulnerability

A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system.

Published Jul 30, 2025 · Updated Jun 29, 2026

High · CVSS 7

CVE-2023-3640: Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.

Published Jul 24, 2023 · Updated Jun 26, 2026

Medium · CVSS 5.5

CVE-2023-3745: Imagemagick: heap-buffer-overflow in pushcharpixel() in quantum-private.h

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.

Published Jul 24, 2023 · Updated Jun 26, 2026

Critical · CVSS 9.8

CVE-2023-1547: SQLi in Elra Computers Parkmatik

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51.

Published Jul 13, 2023 · Updated Jun 1, 2026

Critical · CVSS 9.8

CVE-2023-2957: SQLi in Lisa Softwares Florist Site

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0.

Published Jul 13, 2023 · Updated May 22, 2026

Critical · CVSS 9.8

CVE-2023-2958: IDOR in ATS Pro

Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714.

Published Jul 17, 2023 · Updated May 22, 2026

Medium · CVSS 6.1

CVE-2023-2960: XSS in Oliva Expertise

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS). This issue affects Oliva Expertise EKS: before 1.2.

Published Jul 17, 2023 · Updated May 22, 2026

Critical · CVSS 9.8

CVE-2023-2963: SQLi in Oliva Expertise

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2.

Published Jul 17, 2023 · Updated May 22, 2026

Critical · CVSS 9.8

CVE-2023-3045: SQLi in Tise Technology's Parking Web Report

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1.

Published Jul 9, 2023 · Updated May 22, 2026

Critical · CVSS 9.8

CVE-2023-3046: SQLi in Biltay Technlogys Scienta

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection. This issue affects Scienta: before 20230630.1953.

Published Jul 25, 2023 · Updated May 22, 2026

High · CVSS 7.5

CVE-2023-35069: Path Traversal in Bullwark

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal. This issue affects Bullwark: before BLW-2016E-960H.

Published Jul 13, 2023 · Updated May 22, 2026

Critical · CVSS 9.8

CVE-2023-35066: SQLi in Infodrom Sofwares E-Invoice Approval System

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection. This issue affects E-Invoice Approval System: before v.20230701.

Published Jul 25, 2023 · Updated May 22, 2026

Critical · CVSS 9.8

CVE-2023-35070: SQL in VegaGroup Web Collection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection. This issue affects Web Collection: before 31197.

Published Jul 13, 2023 · Updated May 22, 2026

Medium · CVSS 5.4

CVE-2023-3319: XSS in iDisplays PlatPlay DS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS. This issue affects PlatPlay DS: before 3.14.

Published Jul 13, 2023 · Updated May 22, 2026

Critical · CVSS 9.8

CVE-2023-3376: SQLi in Digital Strategys Zekiweb

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2.

Published Jul 17, 2023 · Updated May 22, 2026