Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-36888

Publication date:

14/07/2023

Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

Severity CVSS v4.0: Pending analysis

Last modification:

28/02/2025

CVE-2023-36887

Publication date:

14/07/2023

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Severity CVSS v4.0: Pending analysis

Last modification:

28/02/2025

CVE-2023-36883

Publication date:

14/07/2023

Microsoft Edge for iOS Spoofing Vulnerability

Severity CVSS v4.0: Pending analysis

Last modification:

28/02/2025

CVE-2023-38252

Publication date:

14/07/2023

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Severity CVSS v4.0: Pending analysis

Last modification:

08/02/2025

CVE-2023-37224

Publication date:

14/07/2023

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.

Severity CVSS v4.0: Pending analysis

Last modification:

26/07/2023

CVE-2023-37223

Publication date:

14/07/2023

Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script.

Severity CVSS v4.0: Pending analysis

Last modification:

26/07/2023

CVE-2023-32760

Publication date:

14/07/2023

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.

Severity CVSS v4.0: Pending analysis

Last modification:

27/07/2023

CVE-2023-32761

Publication date:

14/07/2023

Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.

Severity CVSS v4.0: Pending analysis

Last modification:

27/07/2023

CVE-2023-32759

Publication date:

14/07/2023

An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.

Severity CVSS v4.0: Pending analysis

Last modification:

27/07/2023

CVE-2023-24896

Publication date:

14/07/2023

Dynamics 365 Finance Spoofing Vulnerability

Severity CVSS v4.0: Pending analysis

Last modification:

29/05/2024

CVE-2023-28985

Publication date:

14/07/2023

An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition. On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core. This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598. In order to identify the current SigPack version, following command can be used: user@junos# show security idp security-package-version

Severity CVSS v4.0: Pending analysis

Last modification:

27/07/2023

CVE-2023-36833

Publication date:

14/07/2023

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). The process &#39;aftman-bt&#39; will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service. An indication that the system experienced this issue is the following log message: evo-aftmand-bt[]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202: 21.2 version 21.2R1-EVO and later versions; 21.3 version 21.3R1-EVO and later versions; 21.4 versions prior to 21.4R3-S3-EVO; 22.1 version 22.1R1-EVO and later versions; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R3-EVO; 22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.

Severity CVSS v4.0: Pending analysis

Last modification:

27/07/2023

Subscribe to Vulnerabilities