Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-15033
Publication date:
07/06/2023
The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-25138
Publication date:
07/06/2023
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-33781
Publication date:
07/06/2023
An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2025

CVE-2023-33782
Publication date:
07/06/2023
D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2023-30400
Publication date:
07/06/2023
An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID or password.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2025

CVE-2021-33223
Publication date:
07/06/2023
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2023

CVE-2022-25834
Publication date:
07/06/2023
In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2023

CVE-2023-33569
Publication date:
06/06/2023
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2025

CVE-2023-33684
Publication date:
06/06/2023
Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.
Severity CVSS v4.0: Pending analysis
Last modification:
16/02/2024

CVE-2023-34409
Publication date:
06/06/2023
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2025

CVE-2023-33477
Publication date:
06/06/2023
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2025

CVE-2023-2961
Publication date:
06/06/2023
A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2025
Subscribe to Vulnerabilities