Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-48014
Publication date:
15/11/2023
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2023

CVE-2023-48219
Publication date:
15/11/2023
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. his vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2023

CVE-2023-5997
Publication date:
15/11/2023
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-6112
Publication date:
15/11/2023
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2024

CVE-2023-33873
Publication date:
15/11/2023
<br /> This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2023

CVE-2023-34982
Publication date:
15/11/2023
<br /> This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2023

CVE-2023-6079
Publication date:
15/11/2023
Rejected reason: appears to be a duplicate of CVE-2023-40206
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2023

CVE-2023-48087
Publication date:
15/11/2023
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2023

CVE-2023-48088
Publication date:
15/11/2023
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2023

CVE-2023-48089
Publication date:
15/11/2023
xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2024

CVE-2023-5720
Publication date:
15/11/2023
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-5676
Publication date:
15/11/2023
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025
Subscribe to Vulnerabilities