Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-29134

Publication date:
27/03/2024
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2024

CVE-2023-31634

Publication date:
27/03/2024
In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2025

CVE-2023-45919

Publication date:
27/03/2024
Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controlled server.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-45920

Publication date:
27/03/2024
Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-45922

Publication date:
27/03/2024
glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controlled server.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-45924

Publication date:
27/03/2024
libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controlled server.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-45925

Publication date:
27/03/2024
GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails).
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-45935

Publication date:
27/03/2024
Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-46046

Publication date:
27/03/2024
An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of attacker-controlled .mzn files.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-46047

Publication date:
27/03/2024
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-46048

Publication date:
27/03/2024
Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-45929

Publication date:
27/03/2024
S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025