Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-27514

Publication date:

23/05/2023

OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.

Severity CVSS v4.0: Pending analysis

Last modification:

16/01/2025

CVE-2023-27518

Publication date:

23/05/2023

Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

CVE-2023-27521

Publication date:

23/05/2023

OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

CVE-2023-27920

Publication date:

23/05/2023

Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

CVE-2023-27921

Publication date:

23/05/2023

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

CVE-2023-27922

Publication date:

23/05/2023

Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script.

Severity CVSS v4.0: Pending analysis

Last modification:

30/05/2023

CVE-2023-27923

Publication date:

23/05/2023

Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2025

CVE-2023-27925

Publication date:

23/05/2023

Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2025

CVE-2023-27384

Publication date:

23/05/2023

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2025

CVE-2023-25953

Publication date:

23/05/2023

Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2025

CVE-2023-25946

Publication date:

23/05/2023

Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product&#39;s communication data and conduct an arbitrary operation under certain conditions.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

CVE-2023-23545

Publication date:

23/05/2023

Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

Subscribe to Vulnerabilities