Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-46381
Publication date:
04/11/2023
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-32741
Publication date:
04/11/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-35910
Publication date:
04/11/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2025

CVE-2023-38391
Publication date:
04/11/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2023-40215
Publication date:
04/11/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2023-36677
Publication date:
03/11/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Smartypants SP Project &amp; Document Manager allows SQL Injection.This issue affects SP Project &amp; Document Manager: from n/a through 4.67.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2023-45189
Publication date:
03/11/2023
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2023

CVE-2023-47233
Publication date:
03/11/2023
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2023-47234
Publication date:
03/11/2023
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-47235
Publication date:
03/11/2023
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-41725
Publication date:
03/11/2023
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2023-41726
Publication date:
03/11/2023
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024
Subscribe to Vulnerabilities