Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-1538
Publication date:
21/03/2023
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2023-1540
Publication date:
21/03/2023
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2023-1539
Publication date:
21/03/2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2023

CVE-2023-1535
Publication date:
21/03/2023
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2012-10009
Publication date:
21/03/2023
A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2023-1527
Publication date:
21/03/2023
Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2022-43663
Publication date:
20/03/2023
An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023

CVE-2022-45124
Publication date:
20/03/2023
An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2023

CVE-2023-0681
Publication date:
20/03/2023
Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-27578
Publication date:
20/03/2023
Galaxy is an open-source platform for data analysis. All supported versions of Galaxy are affected prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to this issue, an attacker can modify or delete any Galaxy Visualization or Galaxy Page given they know the encoded ID of it. Additionally, they can copy or import any Galaxy Visualization given they know the encoded ID of it. Patches are available for versions 22.01, 22.05, and 23.0. For the changes to take effect, you must restart all Galaxy server processes. There are no supported workarounds.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2023-28425
Publication date:
20/03/2023
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2023

CVE-2023-27586
Publication date:
20/03/2023
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG&amp;#39;s ability to access other files online by default.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023
Subscribe to Vulnerabilities