Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-33551

Publication date:
01/06/2023
Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2023-33552

Publication date:
01/06/2023
Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2023-33965

Publication date:
01/06/2023
Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2023

CVE-2023-3035

Publication date:
01/06/2023
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230467.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-33546

Publication date:
01/06/2023
Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2024

CVE-2015-10109

Publication date:
01/06/2023
A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2022-43760

Publication date:
01/06/2023
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before = 2.7.0 before
Severity CVSS v4.0: Pending analysis
Last modification:
08/06/2023

CVE-2023-22648

Publication date:
01/06/2023
An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it. This issue affects Rancher: from >= 2.6.7 before = 2.7.0 before
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2024

CVE-2023-22647

Publication date:
01/06/2023
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before = 2.7.0 before
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2024

CVE-2023-33544

Publication date:
01/06/2023
hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2014-125104

Publication date:
01/06/2023
A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The patch is named e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-32181

Publication date:
01/06/2023
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files. This issue affects libeconf: before 0.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025