Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-48049

Publication date:

15/12/2023

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component.

Severity CVSS v4.0: Pending analysis

Last modification:

20/12/2023

CVE-2023-4489

Publication date:

14/12/2023

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.

Severity CVSS v4.0: Pending analysis

Last modification:

27/09/2024

CVE-2023-6134

Publication date:

14/12/2023

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

Severity CVSS v4.0: Pending analysis

Last modification:

14/02/2024

CVE-2023-6704

Publication date:

14/12/2023

Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2024

CVE-2023-6702

Publication date:

14/12/2023

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity CVSS v4.0: Pending analysis

Last modification:

04/11/2025

CVE-2023-6703

Publication date:

14/12/2023

Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity CVSS v4.0: Pending analysis

Last modification:

25/02/2026

CVE-2023-6705

Publication date:

14/12/2023

Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity CVSS v4.0: Pending analysis

Last modification:

25/02/2026

CVE-2023-6706

Publication date:

14/12/2023

Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity CVSS v4.0: Pending analysis

Last modification:

25/02/2026

CVE-2023-6707

Publication date:

14/12/2023

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity CVSS v4.0: Pending analysis

Last modification:

25/02/2026

CVE-2023-49343

Publication date:

14/12/2023

Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.

Severity CVSS v4.0: Pending analysis

Last modification:

20/12/2023

CVE-2023-49344

Publication date:

14/12/2023

Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.

Severity CVSS v4.0: Pending analysis

Last modification:

20/12/2023

CVE-2023-49345

Publication date:

14/12/2023

Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.

Severity CVSS v4.0: Pending analysis

Last modification:

20/12/2023

Subscribe to Vulnerabilities