Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-6706
Publication date:
14/12/2023
Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-6707
Publication date:
14/12/2023
Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-6702
Publication date:
14/12/2023
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-49343
Publication date:
14/12/2023
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49344
Publication date:
14/12/2023
Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49345
Publication date:
14/12/2023
Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49346
Publication date:
14/12/2023
Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49347
Publication date:
14/12/2023
Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49342
Publication date:
14/12/2023
Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-0248
Publication date:
14/12/2023
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader&amp;#39;s communication memory between the card and reader.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2023

CVE-2023-50472
Publication date:
14/12/2023
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.
Severity CVSS v4.0: Pending analysis
Last modification:
22/07/2025

CVE-2023-50471
Publication date:
14/12/2023
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025
Subscribe to Vulnerabilities