Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-23301
Publication date:
23/05/2023
The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-31518
Publication date:
23/05/2023
A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2023-2703
Publication date:
23/05/2023
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2023

CVE-2023-1837
Publication date:
23/05/2023
Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs)<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-1209
Publication date:
23/05/2023
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
Severity CVSS v4.0: Pending analysis
Last modification:
06/06/2023

CVE-2023-25474
Publication date:
23/05/2023
Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023

CVE-2023-33617
Publication date:
23/05/2023
An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2023-33599
Publication date:
23/05/2023
EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2022-46813
Publication date:
23/05/2023
Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin
Severity CVSS v4.0: Pending analysis
Last modification:
31/05/2023

CVE-2023-26011
Publication date:
23/05/2023
Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin
Severity CVSS v4.0: Pending analysis
Last modification:
31/05/2023

CVE-2023-26014
Publication date:
23/05/2023
Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin
Severity CVSS v4.0: Pending analysis
Last modification:
31/05/2023

CVE-2023-30440
Publication date:
23/05/2023
IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2023
Subscribe to Vulnerabilities