Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-30900
Publication date:
10/10/2023
A vulnerability has been identified in Xpedition Layout Browser (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2023

CVE-2023-35796
Publication date:
10/10/2023
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2023

CVE-2023-36380
Publication date:
10/10/2023
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2023

CVE-2023-37194
Publication date:
10/10/2023
A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2023

CVE-2023-37195
Publication date:
10/10/2023
A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2023

CVE-2022-30527
Publication date:
10/10/2023
A vulnerability has been identified in SINEC NMS (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2024

CVE-2023-4837
Publication date:
10/10/2023
SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. <br /> This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2024

CVE-2023-5498
Publication date:
10/10/2023
Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47.
Severity CVSS v4.0: Pending analysis
Last modification:
13/10/2023

CVE-2023-44261
Publication date:
10/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-41854
Publication date:
10/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-41858
Publication date:
10/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2023

CVE-2023-41876
Publication date:
10/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2023
Subscribe to Vulnerabilities