Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-45885

Publication date: 09/11/2023
Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.
Severity CVSS v4.0: Pending analysis
Last modification: 15/11/2023

CVE-2023-47610

Publication date: 09/11/2023
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.
Severity CVSS v4.0: Pending analysis
Last modification: 22/07/2024

CVE-2023-25994

Publication date: 09/11/2023
Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin
Severity CVSS v4.0: Pending analysis
Last modification: 15/11/2023

CVE-2023-36688

Publication date: 09/11/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin
Severity CVSS v4.0: Pending analysis
Last modification: 15/11/2023

CVE-2023-46743

Publication date: 09/11/2023
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachment files in view or edit mode. Currently, if a user opens an attachment file in edit mode in Collabora, this right will be preserved for all future users, until the editing session is closed, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3.
Severity CVSS v4.0: Pending analysis
Last modification: 17/11/2023

CVE-2023-46894

Publication date: 09/11/2023
An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via a weak cryptographic algorithm.
Severity CVSS v4.0: Pending analysis
Last modification: 15/11/2023

CVE-2023-47110

Publication date: 09/11/2023
blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.
Severity CVSS v4.0: Pending analysis
Last modification: 15/11/2023

CVE-2023-47372

Publication date: 09/11/2023
The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2023

CVE-2023-47373

Publication date: 09/11/2023
The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims.
Severity CVSS v4.0: Pending analysis
Last modification: 20/11/2023

CVE-2023-6039

Publication date: 09/11/2023
A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.
Severity CVSS v4.0: Pending analysis
Last modification: 16/11/2023

CVE-2023-40055

Publication date: 09/11/2023
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227.
Severity CVSS v4.0: Pending analysis
Last modification: 17/11/2023

CVE-2023-41137

Publication date: 09/11/2023
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.
Severity CVSS v4.0: Pending analysis
Last modification: 28/10/2024