Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-33276
Publication date:
30/06/2023
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2023

CVE-2023-3478
Publication date:
30/06/2023
A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-3479
Publication date:
30/06/2023
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023

CVE-2023-3477
Publication date:
30/06/2023
A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-3476
Publication date:
30/06/2023
A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-3475
Publication date:
30/06/2023
A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-3474
Publication date:
30/06/2023
A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-3473
Publication date:
30/06/2023
A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-28387
Publication date:
30/06/2023
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2023

CVE-2023-32612
Publication date:
30/06/2023
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
27/11/2024

CVE-2023-32613
Publication date:
30/06/2023
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023

CVE-2023-32620
Publication date:
30/06/2023
Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023
Subscribe to Vulnerabilities