Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-45345

Publication date:

02/11/2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The &#39;*_deleted&#39; parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Severity CVSS v4.0: Pending analysis

Last modification:

09/11/2023

CVE-2023-45346

Publication date:

02/11/2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The &#39;*_role&#39; parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Severity CVSS v4.0: Pending analysis

Last modification:

09/11/2023

CVE-2023-45347

Publication date:

02/11/2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The &#39;*_verified&#39; parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Severity CVSS v4.0: Pending analysis

Last modification:

09/11/2023

CVE-2023-46725

Publication date:

02/11/2023

FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

09/11/2023

CVE-2023-38469

Publication date:

02/11/2023

A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2025

CVE-2023-38470

Publication date:

02/11/2023

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2025

CVE-2023-38471

Publication date:

02/11/2023

A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2025

CVE-2023-38472

Publication date:

02/11/2023

A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2025

CVE-2023-45343

Publication date:

02/11/2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The &#39;ticket_id&#39; parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database.

Severity CVSS v4.0: Pending analysis

Last modification:

30/11/2023

CVE-2023-45344

Publication date:

02/11/2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The &#39;*_balance&#39; parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

Severity CVSS v4.0: Pending analysis

Last modification:

09/11/2023

CVE-2023-5919

Publication date:

02/11/2023

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

17/05/2024