Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-37386
Publication date:
17/07/2023
Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2024

CVE-2023-34669
Publication date:
17/07/2023
TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2024

CVE-2023-28767
Publication date:
17/07/2023
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, <br /> <br /> USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2023

CVE-2023-3593
Publication date:
17/07/2023
Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2023

CVE-2023-3615
Publication date:
17/07/2023
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2023

CVE-2023-3614
Publication date:
17/07/2023
Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2023

CVE-2023-3613
Publication date:
17/07/2023
Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
26/07/2023

CVE-2023-3585
Publication date:
17/07/2023
Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2023

CVE-2023-3591
Publication date:
17/07/2023
Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2023

CVE-2023-37974
Publication date:
17/07/2023
Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2023

CVE-2023-37985
Publication date:
17/07/2023
Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2023

CVE-2023-3590
Publication date:
17/07/2023
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/07/2023
Subscribe to Vulnerabilities