Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-22578
Publication date:
16/02/2023
Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.
Severity CVSS v4.0: Pending analysis
Last modification:
03/03/2023

CVE-2023-24236
Publication date:
16/02/2023
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2023-22579
Publication date:
16/02/2023
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2023

CVE-2023-22580
Publication date:
16/02/2023
Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2023

CVE-2022-3843
Publication date:
16/02/2023
In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-43969
Publication date:
16/02/2023
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025

CVE-2022-38731
Publication date:
16/02/2023
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server&amp;#39;s filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attackers machine.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025

CVE-2023-0860
Publication date:
16/02/2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2023

CVE-2023-0862
Publication date:
16/02/2023
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.<br /> <br /> This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-0861
Publication date:
16/02/2023
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges.<br /> This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-0568
Publication date:
16/02/2023
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-0662
Publication date:
16/02/2023
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025
Subscribe to Vulnerabilities