Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-29749
Publication date:
09/06/2023
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-29758
Publication date:
09/06/2023
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-29759
Publication date:
09/06/2023
An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-29757
Publication date:
09/06/2023
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-29756
Publication date:
09/06/2023
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-29752
Publication date:
09/06/2023
An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-29755
Publication date:
09/06/2023
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-29713
Publication date:
09/06/2023
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-29714
Publication date:
09/06/2023
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-2454
Publication date:
09/06/2023
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-2455
Publication date:
09/06/2023
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-27706
Publication date:
09/06/2023
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025
Subscribe to Vulnerabilities