Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-28390

Publication date:

23/05/2023

Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed.

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2025

CVE-2023-28408

Publication date:

23/05/2023

Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings.

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2025

CVE-2023-28409

Publication date:

23/05/2023

Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

CVE-2023-28413

Publication date:

23/05/2023

Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

CVE-2023-30469

Publication date:

23/05/2023

Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.<br /> <br />

Severity CVSS v4.0: Pending analysis

Last modification:

30/05/2023

CVE-2023-28394

Publication date:

23/05/2023

Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2025

CVE-2023-28392

Publication date:

23/05/2023

Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow an authenticated user with an administrative privilege to execute an arbitrary OS command.

Severity CVSS v4.0: Pending analysis

Last modification:

17/01/2025

CVE-2023-27397

Publication date:

23/05/2023

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product&#39;s file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

CVE-2023-27507

Publication date:

23/05/2023

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product&#39;s file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

CVE-2023-27512

Publication date:

23/05/2023

Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation.

Severity CVSS v4.0: Pending analysis

Last modification:

30/05/2023

CVE-2023-27514

Publication date:

23/05/2023

OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.

Severity CVSS v4.0: Pending analysis

Last modification:

16/01/2025

CVE-2023-27518

Publication date:

23/05/2023

Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.

Severity CVSS v4.0: Pending analysis

Last modification:

31/01/2025

Subscribe to Vulnerabilities