Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-29635
Publication date:
01/05/2023
File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2025

CVE-2023-29637
Publication date:
01/05/2023
Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2025

CVE-2023-29641
Publication date:
01/05/2023
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2025

CVE-2023-29638
Publication date:
01/05/2023
Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2025

CVE-2023-29636
Publication date:
01/05/2023
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2026

CVE-2023-29639
Publication date:
01/05/2023
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2026

CVE-2023-0683
Publication date:
01/05/2023
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2023

CVE-2022-46365
Publication date:
01/05/2023
Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.<br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2022-48186
Publication date:
01/05/2023
A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2025

CVE-2022-4568
Publication date:
01/05/2023
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2025

CVE-2023-25492
Publication date:
01/05/2023
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2023

CVE-2023-28092
Publication date:
01/05/2023
A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/05/2023
Subscribe to Vulnerabilities