Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-27439
Publication date:
21/06/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2023

CVE-2023-27443
Publication date:
21/06/2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2022-3372
Publication date:
21/06/2023
There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2022-45287
Publication date:
21/06/2023
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-3351
Publication date:
21/06/2023
Rejected reason: Wrong year requested.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-34981
Publication date:
21/06/2023
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2024

CVE-2023-34340
Publication date:
21/06/2023
Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo.<br /> This issue affects Apache Accumulo: 2.1.0.<br /> <br /> Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2024

CVE-2023-3339
Publication date:
21/06/2023
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232015.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2022-25883
Publication date:
21/06/2023
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-34563
Publication date:
20/06/2023
netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2023-32274
Publication date:
20/06/2023
<br /> <br /> <br /> <br /> <br /> Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2023-35166
Publication date:
20/06/2023
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It&amp;#39;s possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023
Subscribe to Vulnerabilities