Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-41298
Publication date:
25/09/2023
Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2023

CVE-2023-41299
Publication date:
25/09/2023
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2023

CVE-2023-41419
Publication date:
25/09/2023
An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2025

CVE-2023-41294
Publication date:
25/09/2023
The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-41295
Publication date:
25/09/2023
Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim.
Severity CVSS v4.0: Pending analysis
Last modification:
26/10/2023

CVE-2023-41296
Publication date:
25/09/2023
Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2023

CVE-2023-39409
Publication date:
25/09/2023
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2023

CVE-2023-39407
Publication date:
25/09/2023
The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2023

CVE-2023-39408
Publication date:
25/09/2023
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2023

CVE-2015-6964
Publication date:
25/09/2023
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC).
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2023-5153
Publication date:
25/09/2023
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2024

CVE-2023-5154
Publication date:
25/09/2023
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240250 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2024
Subscribe to Vulnerabilities