Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-33214
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews &amp; Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews &amp; Analytics: from n/a through 3.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2023

CVE-2023-6778
Publication date:
18/12/2023
Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0.
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2024

CVE-2023-6817
Publication date:
18/12/2023
A use-after-free vulnerability in the Linux kernel&amp;#39;s netfilter: nf_tables component can be exploited to achieve local privilege escalation.<br /> <br /> The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.<br /> <br /> We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-49840
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce.This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49843
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce.This issue affects First Order Discount Woocommerce: from n/a through 1.21.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49844
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester.This issue affects WPPerformanceTester: from n/a through 2.0.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49853
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce.This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
29/02/2024

CVE-2022-40312
Publication date:
18/12/2023
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2023

CVE-2023-46177
Publication date:
18/12/2023
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-5384
Publication date:
18/12/2023
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2023-6228
Publication date:
18/12/2023
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2024

CVE-2023-5056
Publication date:
18/12/2023
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user&amp;#39;s purview.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023
Subscribe to Vulnerabilities