Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-44008
Publication date:
02/10/2023
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.
Severity CVSS v4.0: Pending analysis
Last modification:
04/10/2023

CVE-2023-44009
Publication date:
02/10/2023
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function.
Severity CVSS v4.0: Pending analysis
Last modification:
04/10/2023

CVE-2023-43361
Publication date:
02/10/2023
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-3592
Publication date:
02/10/2023
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-43835
Publication date:
02/10/2023
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2023-43890
Publication date:
02/10/2023
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.
Severity CVSS v4.0: Pending analysis
Last modification:
04/10/2023

CVE-2023-44463
Publication date:
02/10/2023
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2023-5344
Publication date:
02/10/2023
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-37605
Publication date:
02/10/2023
Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
15/03/2024

CVE-2023-0809
Publication date:
02/10/2023
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2024

CVE-2023-40744
Publication date:
02/10/2023
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2023. Notes: none.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-4659
Publication date:
02/10/2023
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication.
Severity CVSS v4.0: Pending analysis
Last modification:
04/10/2023
Subscribe to Vulnerabilities