Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-29026
Publication date:
11/05/2023
<br /> A cross site scripting vulnerability was discovered in Rockwell Automation&amp;#39;s ArmorStart ST product <br /> <br /> that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2023-29028
Publication date:
11/05/2023
<br /> A cross site scripting vulnerability was discovered in Rockwell Automation&amp;#39;s ArmorStart ST product <br /> <br /> that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2023-29027
Publication date:
11/05/2023
<br /> A cross site scripting vulnerability was discovered in Rockwell Automation&amp;#39;s ArmorStart ST product <br /> <br /> that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2023-29029
Publication date:
11/05/2023
<br /> A cross site scripting vulnerability was discovered in Rockwell Automation&amp;#39;s ArmorStart ST product <br /> <br /> that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2023-29030
Publication date:
11/05/2023
<br /> A cross site scripting vulnerability was discovered in Rockwell Automation&amp;#39;s ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-29031
Publication date:
11/05/2023
<br /> A cross site scripting vulnerability was discovered in Rockwell Automation&amp;#39;s ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-29022
Publication date:
11/05/2023
<br /> A cross site scripting vulnerability was discovered in Rockwell Automation&amp;#39;s ArmorStart ST product <br /> <br /> that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2023-29024
Publication date:
11/05/2023
<br /> A cross site scripting vulnerability was discovered in Rockwell Automation&amp;#39;s ArmorStart ST product <br /> <br /> A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-25309
Publication date:
11/05/2023
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2025

CVE-2023-32075
Publication date:
11/05/2023
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, or apply the patch manually.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2023

CVE-2023-29400
Publication date:
11/05/2023
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2023-24540
Publication date:
11/05/2023
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025
Subscribe to Vulnerabilities