Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-49844
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester.This issue affects WPPerformanceTester: from n/a through 2.0.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49853
Publication date:
18/12/2023
Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce.This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through 1.3.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
29/02/2024

CVE-2022-40312
Publication date:
18/12/2023
Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
21/12/2023

CVE-2023-46177
Publication date:
18/12/2023
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-5384
Publication date:
18/12/2023
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2023-6228
Publication date:
18/12/2023
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2024

CVE-2023-5056
Publication date:
18/12/2023
A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user&amp;#39;s purview.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-5115
Publication date:
18/12/2023
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2023-5236
Publication date:
18/12/2023
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2023-4320
Publication date:
18/12/2023
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system&amp;#39;s integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2024

CVE-2023-3430
Publication date:
18/12/2023
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2023

CVE-2023-3628
Publication date:
18/12/2023
A flaw was found in Infinispan&amp;#39;s REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024
Subscribe to Vulnerabilities