Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-43669
Publication date:
21/09/2023
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).
Severity CVSS v4.0: Pending analysis
Last modification:
16/02/2024

CVE-2018-5478
Publication date:
21/09/2023
Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2023

CVE-2023-39252
Publication date:
21/09/2023
<br /> Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2025

CVE-2015-8371
Publication date:
21/09/2023
Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2023

CVE-2015-5467
Publication date:
21/09/2023
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2023

CVE-2023-39675
Publication date:
20/09/2023
SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php.
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2023

CVE-2023-37279
Publication date:
20/09/2023
Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2023

CVE-2023-43135
Publication date:
20/09/2023
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2023

CVE-2023-34575
Publication date:
20/09/2023
SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2023

CVE-2023-36109
Publication date:
20/09/2023
Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2023

CVE-2023-36234
Publication date:
20/09/2023
Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2024

CVE-2023-38875
Publication date:
20/09/2023
A reflected cross-site scripting (XSS) vulnerability in msaad1999&amp;#39;s PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the &amp;#39;validator&amp;#39; parameter in &amp;#39;/reset-password&amp;#39;.
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2023
Subscribe to Vulnerabilities