Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-47038
Publication date:
18/12/2023
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-35867
Publication date:
18/12/2023
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-39509
Publication date:
18/12/2023
A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2022-41677
Publication date:
18/12/2023
An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-32230
Publication date:
18/12/2023
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-28053
Publication date:
18/12/2023
<br /> Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
22/02/2024

CVE-2023-50372
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template.This issue affects Custom Post Type Page Template: from n/a through 1.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49854
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce.This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49855
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-32728
Publication date:
18/12/2023
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-32725
Publication date:
18/12/2023
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-32726
Publication date:
18/12/2023
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2024
Subscribe to Vulnerabilities