Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-23478

Publication date:
15/02/2024
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2024

CVE-2023-40057

Publication date:
15/02/2024
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2024

CVE-2023-6123

Publication date:
15/02/2024
Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-0240

Publication date:
15/02/2024
A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients; this causes all Bluetooth operations, such as advertising and scanning, to stop.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2024-0622

Publication date:
15/02/2024
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-25502

Publication date:
15/02/2024
Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2025

CVE-2024-25373

Publication date:
15/02/2024
Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2025

CVE-2023-6937

Publication date:
15/02/2024
wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.
Severity CVSS v4.0: Pending analysis
Last modification:
21/02/2025

CVE-2023-6255

Publication date:
15/02/2024
Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. This issue affects SoliPay Mobile App: before 5.0.8.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2023-7081

Publication date:
15/02/2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024.
Severity CVSS v4.0: Pending analysis
Last modification:
26/02/2025

CVE-2023-4993

Publication date:
15/02/2024
Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2023-5155

Publication date:
15/02/2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025