Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-4007

Publication date:
08/03/2023
An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2023

CVE-2023-0030

Publication date:
08/03/2023
A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2023-24777

Publication date:
08/03/2023
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2021-33353

Publication date:
08/03/2023
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2021-33351

Publication date:
08/03/2023
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalate privileges via a crafted payload in the ticket message field.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2021-33352

Publication date:
08/03/2023
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2023-1283

Publication date:
08/03/2023
Code Injection in GitHub repository builderio/qwik prior to 0.21.0.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2023-27477

Publication date:
08/03/2023
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtime 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected.
Severity CVSS v4.0: Pending analysis
Last modification:
15/03/2023

CVE-2023-22891

Publication date:
08/03/2023
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2023-24782

Publication date:
08/03/2023
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2023-22889

Publication date:
08/03/2023
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2023-24282

Publication date:
08/03/2023
An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025