Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-48950

Publication date:
29/11/2023
An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-48951

Publication date:
29/11/2023
An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Severity CVSS v4.0: Pending analysis
Last modification:
05/06/2025

CVE-2023-48952

Publication date:
29/11/2023
An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2024

CVE-2023-49091

Publication date:
29/11/2023
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2023-49082

Publication date:
29/11/2023
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-44383

Publication date:
29/11/2023
October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023

CVE-2023-48945

Publication date:
29/11/2023
A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2024

CVE-2023-48946

Publication date:
29/11/2023
An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-48947

Publication date:
29/11/2023
An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-48948

Publication date:
29/11/2023
An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-48949

Publication date:
29/11/2023
An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-49079

Publication date:
29/11/2023
Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2023