Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-40868
Publication date:
14/09/2023
Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2023

CVE-2023-39638
Publication date:
14/09/2023
D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2023

CVE-2022-47631
Publication date:
14/09/2023
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.
Severity CVSS v4.0: Pending analysis
Last modification:
16/02/2024

CVE-2023-25584
Publication date:
14/09/2023
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2024

CVE-2023-25585
Publication date:
14/09/2023
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-25586
Publication date:
14/09/2023
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-25588
Publication date:
14/09/2023
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-37756
Publication date:
14/09/2023
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-42362
Publication date:
14/09/2023
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2023

CVE-2023-38912
Publication date:
14/09/2023
SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2023

CVE-2023-41156
Publication date:
14/09/2023
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2023

CVE-2023-41159
Publication date:
14/09/2023
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2023
Subscribe to Vulnerabilities