Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-5626
Publication date:
18/10/2023
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-41711
Publication date:
17/10/2023
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023

CVE-2023-41712
Publication date:
17/10/2023
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023

CVE-2023-41713
Publication date:
17/10/2023
SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023

CVE-2023-41715
Publication date:
17/10/2023
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2023-42506
Publication date:
17/10/2023
Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2023

CVE-2023-42507
Publication date:
17/10/2023
Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2023

CVE-2023-45810
Publication date:
17/10/2023
OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-45811
Publication date:
17/10/2023
Synchrony deobfuscator is a javascript cleaner &amp; deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags<br />
Severity CVSS v4.0: Pending analysis
Last modification:
22/07/2025

CVE-2023-36321
Publication date:
17/10/2023
Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2023-39276
Publication date:
17/10/2023
<br /> SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023

CVE-2023-39277
Publication date:
17/10/2023
<br /> SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023
Subscribe to Vulnerabilities