Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-22579
Publication date:
16/02/2023
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2023

CVE-2023-22580
Publication date:
16/02/2023
Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2023

CVE-2022-3843
Publication date:
16/02/2023
In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-43969
Publication date:
16/02/2023
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025

CVE-2022-38731
Publication date:
16/02/2023
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server&amp;#39;s filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attackers machine.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025

CVE-2023-0860
Publication date:
16/02/2023
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2023

CVE-2023-0862
Publication date:
16/02/2023
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.<br /> <br /> This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-0861
Publication date:
16/02/2023
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges.<br /> This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-0568
Publication date:
16/02/2023
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-0662
Publication date:
16/02/2023
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-0848
Publication date:
15/02/2023
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-0849
Publication date:
15/02/2023
A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024
Subscribe to Vulnerabilities