Vulnerabilities

With the aim of informing, warning and helping professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used in order to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to the relevant information sources, as well as to the patches or solutions made available by manufacturers and developers. Advanced searches are possible, with the option to select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-26155

Publication date:
14/10/2023
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-44037

Publication date:
14/10/2023
An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023

CVE-2023-45855

Publication date:
14/10/2023
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023

CVE-2023-30154

Publication date:
14/10/2023
Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php` via the `id_product` parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2023

CVE-2023-30148

Publication date:
14/10/2023
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023

CVE-2023-45852

Publication date:
14/10/2023
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2023

CVE-2023-45853

Publication date:
14/10/2023
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2024

CVE-2023-45674

Publication date:
14/10/2023
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2023

CVE-2023-4257

Publication date:
13/10/2023
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.
Severity CVSS v4.0: Pending analysis
Last modification:
12/01/2024

CVE-2023-36559

Publication date:
13/10/2023
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2023-4263

Publication date:
13/10/2023
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-32974

Publication date:
13/10/2023
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTScloud c5.1.0.2498 and later
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2023