Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-1013
Publication date:
30/03/2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Virames Vira-Investing allows Cross-Site Scripting (XSS).This issue affects Vira-Investing: before 1.0.84.86.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-1014
Publication date:
30/03/2023
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Virames Vira-Investing allows Account Footprinting.This issue affects Vira-Investing: before 1.0.84.86.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-26116
Publication date:
30/03/2023
Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2025

CVE-2023-26117
Publication date:
30/03/2023
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2025

CVE-2023-26118
Publication date:
30/03/2023
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2025

CVE-2023-0620
Publication date:
30/03/2023
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.<br /> <br /> This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2023

CVE-2023-0665
Publication date:
30/03/2023
HashiCorp Vault&amp;#39;s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2023

CVE-2023-25000
Publication date:
30/03/2023
HashiCorp Vault&amp;#39;s implementation of Shamir&amp;#39;s secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2023

CVE-2023-28502
Publication date:
29/03/2023
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2025

CVE-2023-28503
Publication date:
29/03/2023
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2025

CVE-2023-28507
Publication date:
29/03/2023
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2025

CVE-2023-28508
Publication date:
29/03/2023
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2025
Subscribe to Vulnerabilities