Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-39834
Publication date:
24/08/2023
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2023

CVE-2023-40891
Publication date:
24/08/2023
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2025

CVE-2023-40892
Publication date:
24/08/2023
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2025

CVE-2023-40893
Publication date:
24/08/2023
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2025

CVE-2023-40894
Publication date:
24/08/2023
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2025

CVE-2023-40895
Publication date:
24/08/2023
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2025

CVE-2023-40896
Publication date:
24/08/2023
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2025

CVE-2023-40709
Publication date:
24/08/2023
An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2023-40708
Publication date:
24/08/2023
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2023-40710
Publication date:
24/08/2023
An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2023-34973
Publication date:
24/08/2023
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.<br /> <br /> We have already fixed the vulnerability in the following versions:<br /> QTS 5.0.1.2425 build 20230609 and later<br /> QTS 5.1.0.2444 build 20230629 and later<br /> QuTS hero h5.1.0.2424 build 20230609 and later<br />
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2023

CVE-2022-46884
Publication date:
24/08/2023
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash.<br /> *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2023
Subscribe to Vulnerabilities