Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-23326

Publication date:
10/03/2023
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low-privilege user can inject arbitrary JavaScript into their e-mail address, which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2022-44574

Publication date:
10/03/2023
An improper authentication vulnerability in Avalanche version 6.3.x and below allows an unauthenticated attacker to modify properties on a specific port.
Severity CVSS v4.0: Pending analysis
Last modification:
16/03/2023

CVE-2023-27530

Publication date:
10/03/2023
A DoS vulnerability exists in Rack
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-27532

Publication date:
10/03/2023
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-27902

Publication date:
10/03/2023
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2025

CVE-2023-27905

Publication date:
10/03/2023
Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2025

CVE-2023-27898

Publication date:
10/03/2023
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2025

CVE-2023-27904

Publication date:
10/03/2023
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2025

CVE-2023-27903

Publication date:
10/03/2023
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2025

CVE-2023-25145

Publication date:
10/03/2023
A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2023-25146

Publication date:
10/03/2023
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace it with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2023-25147

Publication date:
10/03/2023
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025