Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-31983
Publication date:
12/05/2023
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2023-25958
Publication date:
12/05/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin
Severity CVSS v4.0: Pending analysis
Last modification:
19/05/2023

CVE-2023-25460
Publication date:
12/05/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2023

CVE-2023-28414
Publication date:
12/05/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2023

CVE-2023-22685
Publication date:
12/05/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2023

CVE-2023-23810
Publication date:
12/05/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2023

CVE-2022-48020
Publication date:
12/05/2023
Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2023-30768
Publication date:
12/05/2023
Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-31197
Publication date:
12/05/2023
Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-31199
Publication date:
12/05/2023
Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-23867
Publication date:
12/05/2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2023

CVE-2023-29242
Publication date:
12/05/2023
Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities