Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-0518
Publication date:
13/02/2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2022-3759
Publication date:
13/02/2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2022-4138
Publication date:
13/02/2023
A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2022-3411
Publication date:
13/02/2023
A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2022-47034
Publication date:
13/02/2023
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2023-0817
Publication date:
13/02/2023
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.
Severity CVSS v4.0: Pending analysis
Last modification:
22/02/2023

CVE-2023-0818
Publication date:
13/02/2023
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2023

CVE-2023-0819
Publication date:
13/02/2023
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2023

CVE-2015-10079
Publication date:
13/02/2023
A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this issue. The patch is named 45fd885895ae13e8d9b3a71e89d59768914f60af. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220751.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-25572
Publication date:
13/02/2023
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `` are affected. `` outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization. If the data isn&amp;#39;t sanitized server-side, this opens a possible cross-site scripting (XSS) attack. Versions 3.19.12 and 4.7.6 now use `DOMPurify` to escape the HTML before outputting it with React and `dangerouslySetInnerHTML`. Users who already sanitize HTML data server-side do not need to upgrade. As a workaround, users may replace the `` by a custom field doing sanitization by hand.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-25241
Publication date:
13/02/2023
bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2023-25240
Publication date:
13/02/2023
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025
Subscribe to Vulnerabilities