Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-45840

Publication date:

05/12/2023

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `riscv64-elf-toolchain` package.

Severity CVSS v4.0: Pending analysis

Last modification:

04/11/2025

CVE-2023-45841

Publication date:

05/12/2023

Severity CVSS v4.0: Pending analysis

Last modification:

04/11/2025

CVE-2023-45842

Publication date:

05/12/2023

Severity CVSS v4.0: Pending analysis

Last modification:

04/11/2025

CVE-2023-43608

Publication date:

05/12/2023

A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.

Severity CVSS v4.0: Pending analysis

Last modification:

04/11/2025

CVE-2023-41835

Publication date:

05/12/2023

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.

Severity CVSS v4.0: Pending analysis

Last modification:

04/11/2025

CVE-2023-6269

Publication date:

05/12/2023

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.

Severity CVSS v4.0: Pending analysis

Last modification:

13/12/2023

CVE-2023-49070

Publication date:

05/12/2023

Pre-auth RCE in Apache Ofbiz 18.12.09. It&#39;s due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10

Severity CVSS v4.0: Pending analysis

Last modification:

13/02/2025

CVE-2023-5188

Publication date:

05/12/2023

The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device.

Severity CVSS v4.0: Pending analysis

Last modification:

11/12/2023

CVE-2023-43472

Publication date:

05/12/2023

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

Severity CVSS v4.0: Pending analysis

Last modification:

11/12/2023

CVE-2023-44295

Publication date:

05/12/2023

Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure.

Severity CVSS v4.0: Pending analysis

Last modification:

20/02/2026

CVE-2022-47531

Publication date:

05/12/2023

An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell.

Severity CVSS v4.0: Pending analysis

Last modification:

11/12/2023

CVE-2023-37572

Publication date:

05/12/2023

Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted.

Severity CVSS v4.0: Pending analysis

Last modification:

11/10/2024

Subscribe to Vulnerabilities