Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-21674
Publication date:
16/01/2024
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server.<br /> <br /> Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction.<br /> <br /> Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:<br /> <br /> * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release<br /> * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release<br /> * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release<br /> <br /> See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2024

CVE-2023-22527
Publication date:
16/01/2024
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action.<br /> <br /> Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2025

CVE-2023-22526
Publication date:
16/01/2024
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center.<br /> <br /> This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.<br /> <br /> Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:<br /> Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release<br /> Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release<br /> Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release<br /> <br /> See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]).<br /> <br /> This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2024-22428
Publication date:
16/01/2024
<br /> Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2024

CVE-2024-22362
Publication date:
16/01/2024
Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2023-43449
Publication date:
16/01/2024
An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2025

CVE-2023-51282
Publication date:
16/01/2024
An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2025

CVE-2023-51059
Publication date:
16/01/2024
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-51257
Publication date:
16/01/2024
An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-41619
Publication date:
16/01/2024
Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2025

CVE-2023-47459
Publication date:
16/01/2024
An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via the /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName component.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2025

CVE-2023-47460
Publication date:
16/01/2024
SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2025
Subscribe to Vulnerabilities