Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-26262
Publication date:
14/03/2023
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2023-28343
Publication date:
14/03/2023
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2023

CVE-2023-28144
Publication date:
14/03/2023
KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2023-28339
Publication date:
14/03/2023
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2023-27589
Publication date:
14/03/2023
Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created successfully, the root credential ceases to work appropriately. The issue is patched in RELEASE.2023-03-13T19-46-17Z. There are ways to work around this via adding higher privileges to the disabled root user via `mc admin policy set`.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2023

CVE-2023-27588
Publication date:
14/03/2023
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2023

CVE-2023-25206
Publication date:
14/03/2023
PrestaShop ws_productreviews
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2023

CVE-2023-24923
Publication date:
14/03/2023
Microsoft OneDrive for Android Information Disclosure Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2025

CVE-2023-24930
Publication date:
14/03/2023
Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2023-24920
Publication date:
14/03/2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2023-24921
Publication date:
14/03/2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2023-24922
Publication date:
14/03/2023
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024
Subscribe to Vulnerabilities