Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-1424
Publication date:
24/05/2023
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2023

CVE-2023-2494
Publication date:
24/05/2023
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-2498
Publication date:
24/05/2023
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-2496
Publication date:
24/05/2023
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-31759
Publication date:
24/05/2023
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-31761
Publication date:
24/05/2023
Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-31762
Publication date:
24/05/2023
Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-31763
Publication date:
24/05/2023
Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-31747
Publication date:
23/05/2023
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025

CVE-2023-32697
Publication date:
23/05/2023
SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
31/05/2023

CVE-2023-28015
Publication date:
23/05/2023
The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability.   During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not.  The attacker could use this information to focus a brute force attack on valid users.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2023-31726
Publication date:
23/05/2023
AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025
Subscribe to Vulnerabilities