Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-33725
Publication date:
21/06/2023
Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-27429
Publication date:
21/06/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2023

CVE-2023-27414
Publication date:
21/06/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2023-27432
Publication date:
21/06/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2023-27450
Publication date:
21/06/2023
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin 
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2023-33584
Publication date:
21/06/2023
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2023-27439
Publication date:
21/06/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2023

CVE-2023-27443
Publication date:
21/06/2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2022-45287
Publication date:
21/06/2023
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2022-3372
Publication date:
21/06/2023
There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2023-3351
Publication date:
21/06/2023
Rejected reason: Wrong year requested.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-34981
Publication date:
21/06/2023
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2024
Subscribe to Vulnerabilities