Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-33842
Publication date:
22/06/2023
IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2019-25152
Publication date:
22/06/2023
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2026

CVE-2023-33405
Publication date:
21/06/2023
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-24261
Publication date:
21/06/2023
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-33591
Publication date:
21/06/2023
User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-3110
Publication date:
21/06/2023
Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-0972
Publication date:
21/06/2023
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-33289
Publication date:
21/06/2023
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2025

CVE-2023-25435
Publication date:
21/06/2023
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-0969
Publication date:
21/06/2023
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-0970
Publication date:
21/06/2023
Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-0971
Publication date:
21/06/2023
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.
Severity CVSS v4.0: Pending analysis
Last modification:
27/09/2024
Subscribe to Vulnerabilities