Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-33559

Publication date:

26/10/2023

A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2023-39726

Publication date:

26/10/2023

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

Severity CVSS v4.0: Pending analysis

Last modification:

10/09/2024

CVE-2023-46663

Publication date:

26/10/2023

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2023-46664

Publication date:

26/10/2023

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2023-0897

Publication date:

26/10/2023

Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2023-39427

Publication date:

26/10/2023

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2025

CVE-2023-39936

Publication date:

26/10/2023

In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Severity CVSS v4.0: Pending analysis

Last modification:

06/11/2023

CVE-2023-46661

Publication date:

26/10/2023

Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.

Severity CVSS v4.0: Pending analysis

Last modification:

06/11/2023

CVE-2023-46662

Publication date:

26/10/2023

Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.

Severity CVSS v4.0: Pending analysis

Last modification:

06/11/2023

CVE-2023-5754

Publication date:

26/10/2023

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

Severity CVSS v4.0: Pending analysis

Last modification:

06/11/2023

CVE-2023-5804

Publication date:

26/10/2023

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

17/05/2024

CVE-2023-44267

Publication date:

26/10/2023

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The &#39;lnm&#39; parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2023

Subscribe to Vulnerabilities