Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-41962

Publication date:
27/09/2023
Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page.
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2025

CVE-2023-41968

Publication date:
27/09/2023
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-41979

Publication date:
27/09/2023
A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app may be able to modify protected parts of the file system.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-41980

Publication date:
27/09/2023
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-41981

Publication date:
27/09/2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-41984

Publication date:
27/09/2023
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-41653

Publication date:
27/09/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2023

CVE-2023-41860

Publication date:
27/09/2023
Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2023

CVE-2023-41335

Publication date:
27/09/2023
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2024

CVE-2023-41861

Publication date:
27/09/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2023

CVE-2023-41878

Publication date:
27/09/2023
MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default, so attackers can log in to VNC and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2023

CVE-2023-41332

Publication date:
27/09/2023
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `io.cilium.proxy-visibility` annotations (in Cilium
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2023