Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-52274
Publication date:
11/01/2024
member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2025

CVE-2024-22194
Publication date:
11/01/2024
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
Severity CVSS v4.0: Pending analysis
Last modification:
19/01/2024

CVE-2022-40361
Publication date:
11/01/2024
Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2025

CVE-2023-45169
Publication date:
11/01/2024
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2024

CVE-2023-31001
Publication date:
11/01/2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-31003
Publication date:
11/01/2024
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-38267
Publication date:
11/01/2024
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 260584.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-45175
Publication date:
11/01/2024
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2024

CVE-2024-22190
Publication date:
11/01/2024
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.
Severity CVSS v4.0: Pending analysis
Last modification:
18/01/2024

CVE-2023-45173
Publication date:
11/01/2024
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2024

CVE-2024-21665
Publication date:
11/01/2024
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2024

CVE-2024-21666
Publication date:
11/01/2024
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
18/01/2024
Subscribe to Vulnerabilities