Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list shows vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-25211

Publication date: 07/04/2023
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Severity CVSS v4.0: Pending analysis
Last modification: 13/02/2025

CVE-2023-25212

Publication date: 07/04/2023
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Severity CVSS v4.0: Pending analysis
Last modification: 13/02/2025

CVE-2023-25213

Publication date: 07/04/2023
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2025

CVE-2023-25214

Publication date: 07/04/2023
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2025

CVE-2023-25215

Publication date: 07/04/2023
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2025

CVE-2020-11935

Publication date: 07/04/2023
It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.
Severity CVSS v4.0: Pending analysis
Last modification: 23/02/2024

CVE-2023-29474

Publication date: 06/04/2023
inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552.
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2025

CVE-2023-29473

Publication date: 06/04/2023
webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710.
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2025

CVE-2023-29475

Publication date: 06/04/2023
inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23543.
Severity CVSS v4.0: Pending analysis
Last modification: 12/02/2025

CVE-2014-125094

Publication date: 06/04/2023
A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification: 17/05/2024

CVE-2023-28500

Publication date: 06/04/2023
A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may be vulnerable if the application is installed with Java environment 7u21 and earlier. Exploitation of the vulnerability depends on two factors: insecure deserialization methods used in the Adobe LiveCycle application, and the use of Java environments 7u21 and earlier. The code execution is performed in the context of the account that is running the Adobe LiveCycle application. If the account is privileged, exploitation provides privileged access to the operating system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Severity CVSS v4.0: Pending analysis
Last modification: 05/05/2025

CVE-2023-1929

Publication date: 06/04/2023
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache.
Severity CVSS v4.0: Pending analysis
Last modification: 08/04/2026