Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-2863
Publication date:
24/05/2023
A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-2862
Publication date:
24/05/2023
A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-2859
Publication date:
24/05/2023
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2022-0357
Publication date:
24/05/2023
Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.<br /> <br /> This issue affects:<br /> <br /> Bitdefender Total Security<br /> versions prior to 26.0.10.45.<br /> Bitdefender Internet Security<br /> versions prior to 26.0.10.45.<br /> Bitdefender Antivirus Plus<br /> versions prior to 26.0.10.45.
Severity CVSS v4.0: Pending analysis
Last modification:
31/05/2023

CVE-2023-1424
Publication date:
24/05/2023
Buffer Copy without Checking Size of Input (&amp;#39;Classic Buffer Overflow&amp;#39;) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2023

CVE-2023-2494
Publication date:
24/05/2023
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the &amp;#39;process_postdata&amp;#39; function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator&amp;#39;s privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-2498
Publication date:
24/05/2023
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-2496
Publication date:
24/05/2023
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the &amp;#39;validate_upload&amp;#39; function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site&amp;#39;s server which may make remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-31759
Publication date:
24/05/2023
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-31761
Publication date:
24/05/2023
Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-31762
Publication date:
24/05/2023
Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-31763
Publication date:
24/05/2023
Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025
Subscribe to Vulnerabilities