Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-24848

Publication date:
03/10/2023
Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
Severity CVSS v4.0: Pending analysis
Last modification:
11/08/2025

CVE-2023-22385

Publication date:
03/10/2023
Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
Severity CVSS v4.0: Pending analysis
Last modification:
11/08/2025

CVE-2023-22384

Publication date:
03/10/2023
Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2024

CVE-2023-22382

Publication date:
03/10/2023
Weak configuration in Automotive while VM is processing a listener request from TEE.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2024

CVE-2023-21673

Publication date:
03/10/2023
Improper Access to the VM resource manager can lead to Memory Corruption.
Severity CVSS v4.0: Pending analysis
Last modification:
11/08/2025

CVE-2023-26151

Publication date:
03/10/2023
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-26152

Publication date:
03/10/2023
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-26150

Publication date:
03/10/2023
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-5345

Publication date:
03/10/2023
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2025

CVE-2023-5334

Publication date:
03/10/2023
The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2026

CVE-2023-3335

Publication date:
03/10/2023
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2024

CVE-2023-3440

Publication date:
03/10/2023
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2023