Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-46486

Publication date:

30/12/2023

A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.

Severity CVSS v4.0: Pending analysis

Last modification:

08/01/2024

CVE-2022-46487

Publication date:

30/12/2023

Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis.

Severity CVSS v4.0: Pending analysis

Last modification:

17/04/2025

CVE-2023-38021

Publication date:

30/12/2023

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer.

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2024

CVE-2023-38022

Publication date:

30/12/2023

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user.

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2024

CVE-2023-38023

Publication date:

30/12/2023

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2024

CVE-2023-41542

Publication date:

30/12/2023

SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component.

Severity CVSS v4.0: Pending analysis

Last modification:

03/09/2024

CVE-2023-41543

Publication date:

30/12/2023

SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.

Severity CVSS v4.0: Pending analysis

Last modification:

05/01/2024

CVE-2023-50559

Publication date:

30/12/2023

An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache.

Severity CVSS v4.0: Pending analysis

Last modification:

05/01/2024

CVE-2023-50071

Publication date:

29/12/2023

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.

Severity CVSS v4.0: Pending analysis

Last modification:

03/09/2024

CVE-2023-52240

Publication date:

29/12/2023

The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.)

Severity CVSS v4.0: Pending analysis

Last modification:

08/01/2024

CVE-2023-50070

Publication date:

29/12/2023

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.

Severity CVSS v4.0: Pending analysis

Last modification:

05/01/2024

CVE-2023-50035

Publication date:

29/12/2023

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.

Severity CVSS v4.0: Pending analysis

Last modification:

05/01/2024

Subscribe to Vulnerabilities