Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-26571
Publication date:
25/10/2023
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-26572
Publication date:
25/10/2023
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2023

CVE-2023-26573
Publication date:
25/10/2023
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-26574
Publication date:
25/10/2023
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-26575
Publication date:
25/10/2023
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-26576
Publication date:
25/10/2023
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-26577
Publication date:
25/10/2023
Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2023

CVE-2023-26578
Publication date:
25/10/2023
Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2023

CVE-2023-26579
Publication date:
25/10/2023
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2023

CVE-2023-26580
Publication date:
25/10/2023
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2023

CVE-2023-25032
Publication date:
25/10/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2023

CVE-2023-20273
Publication date:
25/10/2023
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2025
Subscribe to Vulnerabilities