Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-37771
Publication date:
31/07/2023
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-37580
Publication date:
31/07/2023
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2025

CVE-2023-35792
Publication date:
31/07/2023
Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2023-35791
Publication date:
31/07/2023
Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2023-38304
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38303
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38311
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38310
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38309
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38308
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38307
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38306
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023
Subscribe to Vulnerabilities