Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-22901
Publication date:
02/02/2024
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-22902
Publication date:
02/02/2024
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-22903
Publication date:
02/02/2024
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2023-50935
Publication date:
02/02/2024
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2024

CVE-2023-50938
Publication date:
02/02/2024
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim&amp;#39;s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2024

CVE-2023-50941
Publication date:
02/02/2024
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2024

CVE-2023-50962
Publication date:
02/02/2024
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2024

CVE-2024-22779
Publication date:
02/02/2024
Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2023-32333
Publication date:
02/02/2024
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073.
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2024

CVE-2023-46344
Publication date:
02/02/2024
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&amp;b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. NOTE: The vendor states that this vulnerability has been fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2025

CVE-2023-48792
Publication date:
02/02/2024
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2025

CVE-2023-48793
Publication date:
02/02/2024
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2025
Subscribe to Vulnerabilities