Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-26866
Publication date:
04/04/2023
GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2022-47870
Publication date:
04/04/2023
A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2025

CVE-2022-41633
Publication date:
04/04/2023
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-23685
Publication date:
04/04/2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-23686
Publication date:
04/04/2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-23821
Publication date:
04/04/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-23878
Publication date:
04/04/2023
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2025

CVE-2023-25941
Publication date:
04/04/2023
<br /> Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-25942
Publication date:
04/04/2023
<br /> Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-25940
Publication date:
04/04/2023
<br /> Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
22/06/2023

CVE-2023-1827
Publication date:
04/04/2023
A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. This vulnerability affects unknown code of the file /vaccinated/admin/maintenance/manage_location.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224842 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2020-36692
Publication date:
04/04/2023
A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2025
Subscribe to Vulnerabilities