Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-45613
Publication date:
09/10/2023
In JetBrains Ktor before 2.3.5 server certificates were not verified
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-5330
Publication date:
09/10/2023
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-5331
Publication date:
09/10/2023
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-5333
Publication date:
09/10/2023
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-44240
Publication date:
09/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-44473
Publication date:
09/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-44993
Publication date:
09/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2023-44246
Publication date:
09/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-44236
Publication date:
09/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2023

CVE-2023-44237
Publication date:
09/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2023

CVE-2023-44238
Publication date:
09/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-3589
Publication date:
09/10/2023
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2023
Subscribe to Vulnerabilities