Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion, this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria, such as vulnerability type, manufacturer and impact level, among others, can be selected to narrow down the results.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-3026

Publication date:
01/06/2023
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2023-23954

Publication date:
01/06/2023
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2023-23955

Publication date:
01/06/2023
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2023-23952

Publication date:
01/06/2023
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2023-23953

Publication date:
01/06/2023
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2023-2985

Publication date:
01/06/2023
A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.
Severity CVSS v4.0: Pending analysis
Last modification:
11/03/2025

CVE-2023-2598

Publication date:
01/06/2023
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2023-2977

Publication date:
01/06/2023
A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where the remaining length is wrongly calculated due to a moved starting pointer. This leads to a possible heap-based buffer oob read. In cases where ASAN is enabled while compiling, this causes a crash. Further info leak or more damage is possible.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-33640

Publication date:
31/05/2023
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2023-33641

Publication date:
31/05/2023
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2023-33642

Publication date:
31/05/2023
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2023-33643

Publication date:
31/05/2023
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025