Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-4553
Publication date:
29/01/2024
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.<br /> <br /> <br /> AppBuilder configuration files are viewable by unauthenticated users.<br /> <br /> <br /> This issue affects AppBuilder: from 21.2 before 23.2.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2024

CVE-2023-4554
Publication date:
29/01/2024
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files.<br /> <br /> AppBuilder&amp;#39;s XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them.<br /> <br /> <br /> This issue affects AppBuilder: from 21.2 before 23.2.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2024

CVE-2023-49038
Publication date:
29/01/2024
Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2025

CVE-2023-4550
Publication date:
29/01/2024
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.<br /> <br /> An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. <br /> <br /> <br /> This issue affects AppBuilder: from 21.2 before 23.2.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2024

CVE-2023-4551
Publication date:
29/01/2024
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.<br /> <br /> The AppBuilder&amp;#39;s Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.<br /> <br /> <br /> This issue affects AppBuilder: from 21.2 before 23.2.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2024

CVE-2023-51839
Publication date:
29/01/2024
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2023-51840
Publication date:
29/01/2024
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2025

CVE-2023-51842
Publication date:
29/01/2024
An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2025

CVE-2024-1018
Publication date:
29/01/2024
A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252288.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2024-22570
Publication date:
29/01/2024
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&amp;c=index&amp;a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2024-24136
Publication date:
29/01/2024
The &amp;#39;Your Name&amp;#39; field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2024-24139
Publication date:
29/01/2024
Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the &amp;#39;user&amp;#39; parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2024
Subscribe to Vulnerabilities