Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-29471
Publication date:
27/04/2023
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2023-29489
Publication date:
27/04/2023
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2023

CVE-2023-29950
Publication date:
27/04/2023
swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2022-38730
Publication date:
27/04/2023
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2022-37326
Publication date:
27/04/2023
Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2022-34292
Publication date:
27/04/2023
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2022-31647
Publication date:
27/04/2023
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2023-2355
Publication date:
27/04/2023
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
Severity CVSS v4.0: Pending analysis
Last modification:
09/05/2023

CVE-2023-27860
Publication date:
27/04/2023
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2023

CVE-2023-28286
Publication date:
27/04/2023
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2025

CVE-2023-28261
Publication date:
27/04/2023
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2025

CVE-2023-21712
Publication date:
27/04/2023
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024
Subscribe to Vulnerabilities