Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-23719

Publication date:
17/07/2023
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2023

CVE-2023-22672

Publication date:
17/07/2023
Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2023

CVE-2023-26512

Publication date:
17/07/2023
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible.
Severity CVSS v4.0: Pending analysis
Last modification:
25/06/2025

CVE-2023-3700

Publication date:
17/07/2023
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2023

CVE-2023-2759

Publication date:
17/07/2023
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2024

CVE-2023-2760

Publication date:
17/07/2023
An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2023

CVE-2022-4952

Publication date:
17/07/2023
A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads to resource consumption. Upgrading to version 0.19.7 is able to address this issue. The patch is identified as 7fd2219f194a9ef2a8901bb131c5fa12272305ce. It is recommended to upgrade the affected component. VDB-234238 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-3695

Publication date:
17/07/2023
A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file add-product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234252.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-35012

Publication date:
17/07/2023
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2023-3696

Publication date:
17/07/2023
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2023

CVE-2023-35901

Publication date:
17/07/2023
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2023

CVE-2023-33857

Publication date:
17/07/2023
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2023