Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-23327

Publication date: 10/03/2023
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.
Severity CVSS v4.0: Pending analysis
Last modification: 05/03/2025

CVE-2023-23328

Publication date: 10/03/2023
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.
Severity CVSS v4.0: Pending analysis
Last modification: 04/03/2025

CVE-2023-23911

Publication date: 10/03/2023
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.
Severity CVSS v4.0: Pending analysis
Last modification: 16/03/2023

CVE-2023-23326

Publication date: 10/03/2023
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary JavaScript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.
Severity CVSS v4.0: Pending analysis
Last modification: 27/02/2025

CVE-2022-44574

Publication date: 10/03/2023
An improper authentication vulnerability in Avalanche version 6.3.x and below allows an unauthenticated attacker to modify properties on a specific port.
Severity CVSS v4.0: Pending analysis
Last modification: 16/03/2023

CVE-2023-27530

Publication date: 10/03/2023
A DoS vulnerability exists in Rack
Severity CVSS v4.0: Pending analysis
Last modification: 13/02/2025

CVE-2023-27532

Publication date: 10/03/2023
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Severity CVSS v4.0: Pending analysis
Last modification: 03/11/2025

CVE-2023-27902

Publication date: 10/03/2023
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
Severity CVSS v4.0: Pending analysis
Last modification: 28/02/2025

CVE-2023-27905

Publication date: 10/03/2023
Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.
Severity CVSS v4.0: Pending analysis
Last modification: 28/02/2025

CVE-2023-27898

Publication date: 10/03/2023
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
Severity CVSS v4.0: Pending analysis
Last modification: 28/02/2025

CVE-2023-27904

Publication date: 10/03/2023
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
Severity CVSS v4.0: Pending analysis
Last modification: 28/02/2025

CVE-2023-27903

Publication date: 10/03/2023
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.
Severity CVSS v4.0: Pending analysis
Last modification: 28/02/2025