Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. The database is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-41654

Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-41659

Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-41732

Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-41801

Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-41950

Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-44146

Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-41650

Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-40607

Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2023

CVE-2023-38703

Publication date:
06/10/2023
PJSIP is a free and open source multimedia communication library written in C with a high-level API in the C, C++, Java, C#, and Python languages. SRTP is a higher-level media transport which is stacked upon a lower-level media transport such as UDP and ICE. Currently, a higher-level transport is not synchronized with its lower-level transport, which may introduce a use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use an underlying media transport other than UDP. This vulnerability's impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2025

CVE-2023-42445

Publication date:
06/10/2023
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files that it generated or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2023-43058

Publication date:
06/10/2023
IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-43810

Publication date:
06/10/2023
OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. Out of the box, autoinstrumentation adds the label `http_method`, which has unbounded cardinality. This can lead to memory exhaustion on the server when many malicious requests are sent, because an attacker can easily set the HTTP method of a request to a random, long value. To be affected, a program has to be instrumented for HTTP handlers and not filter unknown HTTP methods at the level of the CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0.
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2023