Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-49701

Publication date:
30/11/2023
Memory Corruption in SIM management while USIMPhase2init
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023

CVE-2023-49095

Publication date:
30/11/2023
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023

CVE-2023-49699

Publication date:
30/11/2023
Memory Corruption in IMS while calling VoLTE Streamingmedia Interface
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023

CVE-2023-49700

Publication date:
30/11/2023
Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023

CVE-2023-49052

Publication date:
30/11/2023
File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023

CVE-2023-49077

Publication date:
30/11/2023
Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023

CVE-2023-49081

Publication date:
30/11/2023
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-49087

Publication date:
30/11/2023
xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2023

CVE-2023-47418

Publication date:
30/11/2023
Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and before, allows attackers to create a new interface in the service management function to execute JavaScript.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023

CVE-2023-49076

Publication date:
30/11/2023
Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023

CVE-2023-5275

Publication date:
30/11/2023
Improper Input Validation vulnerability in simulation function of GX Works2 allows an attacker to cause a denial-of-service (DoS) condition on the function by sending specially crafted packets. However, the attacker would need to send the packets from within the same personal computer where the function is running.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023

CVE-2023-47464

Publication date:
30/11/2023
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023