Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-31364

Publication date:
01/02/2023
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-23077

Publication date:
01/02/2023
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-23078

Publication date:
01/02/2023
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-22287

Publication date:
01/02/2023
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-23075

Publication date:
01/02/2023
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-23076

Publication date:
01/02/2023
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-23073

Publication date:
01/02/2023
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-23074

Publication date:
01/02/2023
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-22284

Publication date:
01/02/2023
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-46934

Publication date:
01/02/2023
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-0619

Publication date:
01/02/2023
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-22501

Publication date:
01/02/2023
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases:

* If the attacker is included on Jira issues or requests with these users, or
* If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users.

Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2024