Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-29042

Publication date:
02/04/2023
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-27284

Publication date:
02/04/2023
IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-42452

Publication date:
02/04/2023
HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2025

CVE-2022-42447

Publication date:
02/04/2023
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2025

CVE-2023-1202

Publication date:
02/04/2023
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2025

CVE-2023-1574

Publication date:
02/04/2023
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2025

CVE-2023-1580

Publication date:
02/04/2023
Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2025

CVE-2023-1603

Publication date:
02/04/2023
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2025

CVE-2023-26283

Publication date:
02/04/2023
IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-28668

Publication date:
02/04/2023
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2025

CVE-2023-28669

Publication date:
02/04/2023
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2025

CVE-2023-28671

Publication date:
02/04/2023
A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2025