Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-26133
Publication date:
12/06/2023
All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-35036
Publication date:
12/06/2023
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer&amp;#39;s database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
Severity CVSS v4.0: Pending analysis
Last modification:
03/01/2025

CVE-2023-35034
Publication date:
12/06/2023
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-35032
Publication date:
12/06/2023
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2023

CVE-2023-35035
Publication date:
12/06/2023
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2023

CVE-2023-35031
Publication date:
12/06/2023
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-35033
Publication date:
12/06/2023
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2023

CVE-2020-36732
Publication date:
12/06/2023
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-22585
Publication date:
11/06/2023
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2023-22586
Publication date:
11/06/2023
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2023-25911
Publication date:
11/06/2023
The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-25912
Publication date:
11/06/2023
The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024
Subscribe to Vulnerabilities