Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-23882

Publication date:
17/01/2024
Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2024

CVE-2023-23896

Publication date:
17/01/2024
Missing Authorization vulnerability in MyThemeShop URL Shortener by MyThemeShop. This issue affects URL Shortener by MyThemeShop: from n/a through 1.0.17.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2024

CVE-2022-40702

Publication date:
17/01/2024
Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2024

CVE-2022-41619

Publication date:
17/01/2024
Missing Authorization vulnerability in SedLex Image Zoom. This issue affects Image Zoom: from n/a through 1.8.8.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2024

CVE-2022-41695

Publication date:
17/01/2024
Missing Authorization vulnerability in SedLex Traffic Manager. This issue affects Traffic Manager: from n/a through 1.4.5.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2024

CVE-2022-41990

Publication date:
17/01/2024
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS. This issue affects 3D Tag Cloud: from n/a through 3.8.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2024

CVE-2023-20257

Publication date:
17/01/2024
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would be stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2024

CVE-2024-0641

Publication date:
17/01/2024
A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2024

CVE-2024-0646

Publication date:
17/01/2024
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2024

CVE-2024-0396

Publication date:
17/01/2024
In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2024

CVE-2024-0639

Publication date:
17/01/2024
A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2024

CVE-2022-38141

Publication date:
17/01/2024
Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce. This issue affects Sales Report Email for WooCommerce: from n/a through 2.8.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2024