Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-41367

Publication date:
12/09/2023
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2023

CVE-2023-37489

Publication date:
12/09/2023
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2023

CVE-2023-41368

Publication date:
12/09/2023
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2023

CVE-2023-41369

Publication date:
12/09/2023
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2023

CVE-2023-32005

Publication date:
12/09/2023
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2025

CVE-2023-25519

Publication date:
12/09/2023
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2023

CVE-2023-4899

Publication date:
12/09/2023
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2023

CVE-2023-41990

Publication date:
12/09/2023
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2025

CVE-2023-4898

Publication date:
12/09/2023
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2023

CVE-2023-40442

Publication date:
12/09/2023
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-40440

Publication date:
12/09/2023
This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted.
Severity CVSS v4.0: Pending analysis
Last modification:
25/06/2025

CVE-2023-39069

Publication date:
11/09/2023
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.
Severity CVSS v4.0: Pending analysis
Last modification:
15/09/2023