Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-46222

Publication date:

19/12/2023

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

21/12/2023

CVE-2023-46223

Publication date:

19/12/2023

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

01/08/2024

CVE-2023-41727

Publication date:

19/12/2023

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

06/05/2025

CVE-2023-37390

Publication date:

19/12/2023

Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0.

Severity CVSS v4.0: Pending analysis

Last modification:

28/04/2026

CVE-2023-44983

Publication date:

19/12/2023

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.6.

Severity CVSS v4.0: Pending analysis

Last modification:

28/04/2026

CVE-2023-44991

Publication date:

19/12/2023

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI).This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9.

Severity CVSS v4.0: Pending analysis

Last modification:

28/04/2026

CVE-2021-22962

Publication date:

19/12/2023

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

Severity CVSS v4.0: Pending analysis

Last modification:

28/12/2023

CVE-2023-25715

Publication date:

19/12/2023

Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6.

Severity CVSS v4.0: Pending analysis

Last modification:

28/04/2026

CVE-2023-6280

Publication date:

19/12/2023

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.

Severity CVSS v4.0: Pending analysis

Last modification:

02/08/2024

CVE-2023-6711

Publication date:

19/12/2023

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU.

Severity CVSS v4.0: Pending analysis

Last modification:

25/09/2024

CVE-2023-6913

Publication date:

19/12/2023

A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView without prompting or displaying it to the user. This vulnerability could trigger phishing attacks.

Severity CVSS v4.0: Pending analysis

Last modification:

28/12/2023

CVE-2023-1514

Publication date:

19/12/2023

A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface.

Severity CVSS v4.0: Pending analysis

Last modification:

28/12/2023

Subscribe to Vulnerabilities