Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-38950

Publication date:
03/08/2023
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2025

CVE-2023-37501

Publication date:
03/08/2023
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2023

CVE-2023-38949

Publication date:
03/08/2023
An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2023-37500

Publication date:
03/08/2023
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2023

CVE-2023-37499

Publication date:
03/08/2023
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2023

CVE-2023-37498

Publication date:
03/08/2023
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2023-37497

Publication date:
03/08/2023
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2023-30958

Publication date:
03/08/2023
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-30952

Publication date:
03/08/2023
A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-20216

Publication date:
03/08/2023
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2024

CVE-2023-20204

Publication date:
03/08/2023
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Severity CVSS v4.0: Pending analysis
Last modification:
25/01/2024

CVE-2023-30950

Publication date:
03/08/2023
The Foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023