Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-26925
Publication date:
31/03/2023
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2025

CVE-2023-28843
Publication date:
31/03/2023
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2023

CVE-2023-28879
Publication date:
31/03/2023
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2025

CVE-2022-3192
Publication date:
31/03/2023
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2023

CVE-2023-28862
Publication date:
31/03/2023
An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2025

CVE-2023-28877
Publication date:
31/03/2023
The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. (apps-graphql@3.x is unaffected by this issue.)
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2025

CVE-2023-28464
Publication date:
31/03/2023
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-0343
Publication date:
31/03/2023
Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-0344
Publication date:
31/03/2023
Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-26829
Publication date:
31/03/2023
An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2025

CVE-2023-26830
Publication date:
31/03/2023
An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2025

CVE-2023-0432
Publication date:
31/03/2023
<br /> The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025
Subscribe to Vulnerabilities