Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-28142
Publication date:
18/04/2023
<br /> A Race Condition exists in the Qualys Cloud Agent for Windows<br /> platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to<br /> escalate privileges limited on the local machine during uninstallation of the<br /> Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on<br /> that asset to run arbitrary commands.<br /> <br /> <br /> <br /> At the time of this disclosure, versions before 4.0 are classified as End<br /> of Life.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2023

CVE-2023-28140
Publication date:
18/04/2023
<br /> An Executable Hijacking condition exists in the<br /> Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers<br /> may load a malicious copy of a Dependency Link Library (DLL) via a local<br /> attack vector instead of the DLL that the application was expecting, when<br /> processes are running with escalated privileges. This vulnerability<br /> is bounded only to the time of uninstallation and can only be exploited<br /> locally.<br /> <br /> <br /> <br /> At the time of this disclosure, versions before 4.0 are classified as End of<br /> Life.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2023

CVE-2023-2160
Publication date:
18/04/2023
Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/12/2023

CVE-2023-28143
Publication date:
18/04/2023
<br /> Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7)<br /> installer allows a local escalation of privilege bounded only to the time of<br /> installation and only on older macOSX (macOS 10.15 and older) versions.<br /> Attackers may exploit incorrect file permissions to give them ROOT command<br /> execution privileges on the host. During the install of the PKG, a step in the<br /> process involves extracting the package and copying files to several<br /> directories. Attackers may gain writable access to files during the install of<br /> PKG when extraction of the package and copying files to several directories,<br /> enabling a local escalation of privilege.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2023

CVE-2023-28141
Publication date:
18/04/2023
<br /> An NTFS Junction condition exists in the Qualys Cloud Agent<br /> for Windows platform in versions before 4.8.0.31. Attackers may write files to<br /> arbitrary locations via a local attack vector. This allows attackers to assume<br /> the privileges of the process, and they may delete or otherwise on unauthorized<br /> files, allowing for the potential modification or deletion of sensitive files<br /> limited only to that specific directory/file object. This vulnerability is<br /> bounded to the time of installation/uninstallation and can only be exploited locally.<br /> <br /> <br /> <br /> At the time of this disclosure, versions before 4.0 are<br /> classified as End of Life.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2023

CVE-2023-29774
Publication date:
18/04/2023
Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2025

CVE-2023-2155
Publication date:
18/04/2023
A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file classes/Master.php?f=save_cargo_type. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226276.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-2154
Publication date:
18/04/2023
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/?page=reminders/view_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226275.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-28863
Publication date:
18/04/2023
AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2022-44632
Publication date:
18/04/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denis Buka Content Repeater – Custom Posts Simplified plugin
Severity CVSS v4.0: Pending analysis
Last modification:
27/04/2023

CVE-2022-45836
Publication date:
18/04/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2023-2153
Publication date:
18/04/2023
A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php of the component POST Parameter Handler. The manipulation of the argument value with the input 1&gt;alert(666) leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226274 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024
Subscribe to Vulnerabilities