Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-34916
Publication date:
31/07/2023
Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2020-36763
Publication date:
31/07/2023
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38750
Publication date:
31/07/2023
In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-37771
Publication date:
31/07/2023
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-37580
Publication date:
31/07/2023
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2025

CVE-2023-35792
Publication date:
31/07/2023
Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2023-35791
Publication date:
31/07/2023
Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2023-38304
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38303
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38311
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38310
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023

CVE-2023-38309
Publication date:
31/07/2023
An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2023
Subscribe to Vulnerabilities