Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-29108
Publication date:
11/04/2023
The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2023

CVE-2023-29109
Publication date:
11/04/2023
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2023

CVE-2023-27499
Publication date:
11/04/2023
SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user&amp;#39;s browser. The information from the victim&amp;#39;s web browser can either be modified or read and sent to the attacker.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2023

CVE-2023-27497
Publication date:
11/04/2023
Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2023

CVE-2023-24182
Publication date:
11/04/2023
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2025

CVE-2023-28341
Publication date:
11/04/2023
Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2025

CVE-2023-27191
Publication date:
11/04/2023
An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2025

CVE-2023-28340
Publication date:
11/04/2023
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2025

CVE-2022-43293
Publication date:
11/04/2023
Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2025

CVE-2022-38604
Publication date:
11/04/2023
Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2025

CVE-2023-26467
Publication date:
10/04/2023
A man in the middle can redirect traffic to a malicious server in a compromised configuration.
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2023

CVE-2023-1668
Publication date:
10/04/2023
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025
Subscribe to Vulnerabilities