Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-32972
Publication date:
06/10/2023
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.<br /> <br /> We have already fixed the vulnerability in the following versions:<br /> QTS 5.0.1.2425 build 20230609 and later<br /> QTS 5.1.0.2444 build 20230629 and later<br /> QTS 4.5.4.2467 build 20230718 and later<br /> QuTS hero h5.0.1.2515 build 20230907 and later<br /> QuTS hero h5.1.0.2424 build 20230609 and later<br /> QuTS hero h4.5.4.2476 build 20230728 and later<br /> QuTScloud c5.1.0.2498 and later<br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-44807
Publication date:
06/10/2023
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-23365
Publication date:
06/10/2023
A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.<br /> <br /> We have already fixed the vulnerability in the following version:<br /> Music Station 5.3.22 and later<br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-23366
Publication date:
06/10/2023
A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.<br /> <br /> We have already fixed the vulnerability in the following version:<br /> Music Station 5.3.22 and later<br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-23370
Publication date:
06/10/2023
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.<br /> <br /> We have already fixed the vulnerability in the following version:<br /> QVPN Windows 2.1.0.0518 and later<br />
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2023

CVE-2023-23371
Publication date:
06/10/2023
A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.<br /> <br /> We have already fixed the vulnerability in the following version:<br /> QVPN Windows 2.2.0.0823 and later<br />
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2023

CVE-2023-44233
Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-44243
Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-39928
Publication date:
06/10/2023
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-41654
Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023

CVE-2023-41659
Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-41732
Publication date:
06/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2023
Subscribe to Vulnerabilities