Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-3351
Publication date:
21/06/2023
Rejected reason: Wrong year requested.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-34981
Publication date:
21/06/2023
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2024

CVE-2023-34340
Publication date:
21/06/2023
Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo.<br /> This issue affects Apache Accumulo: 2.1.0.<br /> <br /> Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2024

CVE-2023-3339
Publication date:
21/06/2023
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232015.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2022-25883
Publication date:
21/06/2023
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2025

CVE-2023-34563
Publication date:
20/06/2023
netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2023-3220
Publication date:
20/06/2023
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.
Severity CVSS v4.0: Pending analysis
Last modification:
11/03/2025

CVE-2023-32274
Publication date:
20/06/2023
<br /> <br /> <br /> <br /> <br /> Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information.<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2023-35166
Publication date:
20/06/2023
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It&amp;#39;s possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2023-33869
Publication date:
20/06/2023
<br /> Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.<br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2023

CVE-2023-35885
Publication date:
20/06/2023
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2023-2400
Publication date:
20/06/2023
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024
Subscribe to Vulnerabilities