Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-1541
Publication date:
21/03/2023
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2023

CVE-2023-1542
Publication date:
21/03/2023
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2023

CVE-2023-1536
Publication date:
21/03/2023
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2023-1537
Publication date:
21/03/2023
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2023-1538
Publication date:
21/03/2023
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2023-1540
Publication date:
21/03/2023
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2023-1539
Publication date:
21/03/2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2023

CVE-2023-1535
Publication date:
21/03/2023
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2012-10009
Publication date:
21/03/2023
A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2023-1527
Publication date:
21/03/2023
Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2023

CVE-2022-43663
Publication date:
20/03/2023
An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023

CVE-2022-45124
Publication date:
20/03/2023
An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2023
Subscribe to Vulnerabilities