Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-1981
Publication date:
26/05/2023
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-1667
Publication date:
26/05/2023
A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-1664
Publication date:
26/05/2023
A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable.
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2023-33780
Publication date:
26/05/2023
A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article.
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2025

CVE-2023-33779
Publication date:
26/05/2023
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2025

CVE-2023-31227
Publication date:
26/05/2023
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2023-31225
Publication date:
26/05/2023
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2025

CVE-2023-2817
Publication date:
26/05/2023
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2023-31226
Publication date:
26/05/2023
The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2023-2002
Publication date:
26/05/2023
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2024

CVE-2023-20883
Publication date:
26/05/2023
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2025

CVE-2023-20882
Publication date:
26/05/2023
In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2025
Subscribe to Vulnerabilities