Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-24128

Publication date:

01/03/2023

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet.

Severity CVSS v4.0: Pending analysis

Last modification:

04/03/2023

CVE-2023-23006

Publication date:

01/03/2023

In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Severity CVSS v4.0: Pending analysis

Last modification:

19/03/2025

CVE-2023-23005

Publication date:

01/03/2023

In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.

Severity CVSS v4.0: Pending analysis

Last modification:

19/03/2025

CVE-2023-23003

Publication date:

01/03/2023

In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.

Severity CVSS v4.0: Pending analysis

Last modification:

20/03/2025

CVE-2023-23004

Publication date:

01/03/2023

In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Severity CVSS v4.0: Pending analysis

Last modification:

19/03/2025

CVE-2023-23001

Publication date:

01/03/2023

In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Severity CVSS v4.0: Pending analysis

Last modification:

20/03/2025

CVE-2023-23002

Publication date:

01/03/2023

In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

Severity CVSS v4.0: Pending analysis

Last modification:

20/03/2025

CVE-2023-1131

Publication date:

01/03/2023

A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

17/05/2024

CVE-2023-1097

Publication date:

01/03/2023

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2023-1130

Publication date:

01/03/2023

A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222105 was assigned to this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

17/05/2024

CVE-2023-25931

Publication date:

01/03/2023

Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023