Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-41010
Publication date:
14/09/2023
Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2023

CVE-2023-4832
Publication date:
14/09/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Aceka Company Management allows SQL Injection.This issue affects Company Management: before 3072 .<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2023

CVE-2023-40779
Publication date:
14/09/2023
An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-1842
Publication date:
14/09/2023
Rejected reason: This candidate is unused by its CNA.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-4951
Publication date:
14/09/2023
A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2.<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2023

CVE-2023-36250
Publication date:
14/09/2023
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-42180
Publication date:
14/09/2023
An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2023

CVE-2023-42178
Publication date:
14/09/2023
Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2026

CVE-2023-1108
Publication date:
14/09/2023
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2024

CVE-2023-30909
Publication date:
14/09/2023
A remote authentication bypass issue exists in some<br /> OneView APIs.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2024

CVE-2021-28485
Publication date:
14/09/2023
In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-2848
Publication date:
14/09/2023
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2023
Subscribe to Vulnerabilities