Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-47249
Publication date:
05/11/2023
In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-46963
Publication date:
04/11/2023
An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-46382
Publication date:
04/11/2023
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-40922
Publication date:
04/11/2023
kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2023

CVE-2023-46380
Publication date:
04/11/2023
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-46381
Publication date:
04/11/2023
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-32741
Publication date:
04/11/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-35910
Publication date:
04/11/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2025

CVE-2023-38391
Publication date:
04/11/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2023-40215
Publication date:
04/11/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2023-36677
Publication date:
03/11/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Smartypants SP Project &amp; Document Manager allows SQL Injection.This issue affects SP Project &amp; Document Manager: from n/a through 4.67.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2023-45189
Publication date:
03/11/2023
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2023
Subscribe to Vulnerabilities