Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-23150

Publication date:
16/03/2023
SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
26/02/2025

CVE-2023-24795

Publication date:
16/03/2023
Command execution vulnerability was discovered in JHR-N916R router firmware version
Severity CVSS v4.0: Pending analysis
Last modification:
26/02/2025

CVE-2023-26784

Publication date:
16/03/2023
SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2023

CVE-2023-28486

Publication date:
16/03/2023
Sudo before 1.9.13 does not escape control characters in log messages.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2024

CVE-2023-28487

Publication date:
16/03/2023
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2024

CVE-2023-26951

Publication date:
16/03/2023
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2023

CVE-2023-25281

Publication date:
16/03/2023
A stack overflow vulnerability in the pingV4Msg component in D-Link DIR820LA1_FW105B03 allows attackers to cause a denial of service via the nextPage parameter to ping.ccp.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-25280

Publication date:
16/03/2023
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-28466

Publication date:
16/03/2023
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2025

CVE-2023-28460

Publication date:
15/03/2023
A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2023

CVE-2023-28461

Publication date:
15/03/2023
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-28099

Publication date:
15/03/2023
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as the first parameter could be affected by this vulnerability to a larger or lesser extent, or not at all, depending on whether the data passed to the function is a valid IPv4 or IPv6 address string. Fixes are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023