Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. The database is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-48051

Publication date:
20/11/2023
An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2023

CVE-2023-48310

Publication date:
20/11/2023
TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2023

CVE-2023-6199

Publication date:
20/11/2023
Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.
Severity CVSS v4.0: Pending analysis
Last modification:
19/05/2025

CVE-2023-48176

Publication date:
20/11/2023
An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via a crafted JWT (JSON Web Token).
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-48192

Publication date:
20/11/2023
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2023

CVE-2023-46470

Publication date:
20/11/2023
Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via a crafted telecommand in the timeline view of the ArchiveBrowser.
Severity CVSS v4.0: Pending analysis
Last modification:
28/11/2023

CVE-2023-46471

Publication date:
20/11/2023
Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2025

CVE-2023-47172

Publication date:
20/11/2023
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later.
Severity CVSS v4.0: Pending analysis
Last modification:
28/11/2023

CVE-2023-47311

Publication date:
20/11/2023
An issue in Yamcs 5.8.6 allows attackers to send arbitrary telecommands in a Command Stack via Clickjacking.
Severity CVSS v4.0: Pending analysis
Last modification:
28/11/2023

CVE-2023-6062

Publication date:
20/11/2023
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2023

CVE-2023-6178

Publication date:
20/11/2023
An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote host, which could lead to a denial of service condition.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2023

CVE-2023-38823

Publication date:
20/11/2023
Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2025