Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-45922
Publication date:
27/03/2024
glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-46047
Publication date:
27/03/2024
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-46048
Publication date:
27/03/2024
Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2023-45924
Publication date:
27/03/2024
libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2023-45925
Publication date:
27/03/2024
GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails).
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2023-45935
Publication date:
27/03/2024
Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2023-46046
Publication date:
27/03/2024
An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2023-45929
Publication date:
27/03/2024
S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2023-45931
Publication date:
27/03/2024
Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-40288
Publication date:
27/03/2024
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2025

CVE-2023-40289
Publication date:
27/03/2024
A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2025

CVE-2023-40290
Publication date:
27/03/2024
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2025
Subscribe to Vulnerabilities