Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-49977
Publication date:
06/03/2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2025

CVE-2023-33677
Publication date:
06/03/2024
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2023-38946
Publication date:
06/03/2024
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2025

CVE-2024-22889
Publication date:
06/03/2024
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025

CVE-2024-25817
Publication date:
06/03/2024
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2024-27278
Publication date:
06/03/2024
OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-38944
Publication date:
06/03/2024
An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-38945
Publication date:
06/03/2024
Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-43318
Publication date:
06/03/2024
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-27765
Publication date:
05/03/2024
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025

CVE-2023-48644
Publication date:
05/03/2024
An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2024-24275
Publication date:
05/03/2024
Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025
Subscribe to Vulnerabilities