Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-25502
Publication date:
20/01/2023
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2022-1109
Publication date:
20/01/2023
An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2023

CVE-2022-3918
Publication date:
20/01/2023
A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server, the server may interpret the content after the CRLF as extra headers, or even a second request. For example, consider a URLRequest to http://example.com/ with the GET method. Suppose we set the URLRequest header "Foo" to the value "Bar Extra-Header: Added GET /other HTTP/1.1". When this request is sent, it will appear to the server as two requests: GET / HTTP/1.1 Foo: Bar Extra-Header: Added GET /other HTTP/1.1 In this manner, the client is able to inject extra headers and craft an entirely new request to a separate path, despite only making one API call in URLSession. If a developer has total control over the request and its headers, this vulnerability may not pose a threat. However, this vulnerability escalates if un-sanitized user input is placed in header values. If so, a malicious user could inject new headers or requests to an intermediary or backend server. Developers should be especially careful to sanitize user input in this case, or upgrade their version of swift-corelibs-foundation to include the patch below.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2023-23491
Publication date:
20/01/2023
The Quick Event Manager WordPress Plugin, version
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2023-23492
Publication date:
20/01/2023
The Login with Phone Number WordPress Plugin, version
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2023-23490
Publication date:
20/01/2023
The Survey Maker WordPress Plugin, version
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2023-23015
Publication date:
20/01/2023
Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2023-23024
Publication date:
20/01/2023
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2023-23014
Publication date:
20/01/2023
Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2023-23010
Publication date:
20/01/2023
Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2023-23012
Publication date:
20/01/2023
Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2023-24021
Publication date:
20/01/2023
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025
Subscribe to Vulnerabilities