Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-26756
Publication date:
14/04/2023
The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. NOTE: The vendor's position is that this is effectively mitigated by rate limits and password-quality features.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2024

CVE-2023-27666
Publication date:
14/04/2023
Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2025

CVE-2022-47027
Publication date:
14/04/2023
Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2025

CVE-2023-27193
Publication date:
14/04/2023
An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field.
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2025

CVE-2023-27643
Publication date:
14/04/2023
An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2025

CVE-2023-1617
Publication date:
14/04/2023
Improper Authentication vulnerability in B&amp;R Industrial Automation B&amp;R VC4 (VNC-Server modules).  This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization.<br /> This issue affects B&amp;R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2023

CVE-2023-27649
Publication date:
14/04/2023
SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2025

CVE-2023-27653
Publication date:
14/04/2023
An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2025

CVE-2023-27651
Publication date:
14/04/2023
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2025

CVE-2023-27648
Publication date:
14/04/2023
Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2025

CVE-2023-2052
Publication date:
14/04/2023
A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ballot_down.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225937 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-2051
Publication date:
14/04/2023
A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/positions_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225936.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024
Subscribe to Vulnerabilities