Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-26599

Publication date:
19/04/2023
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2023-25759

Publication date:
19/04/2023
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2022-38125

Publication date:
19/04/2023
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2022-4308

Publication date:
19/04/2023
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2023-22645

Publication date:
19/04/2023
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller. This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2023-0317

Publication date:
19/04/2023
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2023-2170

Publication date:
19/04/2023
The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-2169

Publication date:
19/04/2023
The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-2168

Publication date:
19/04/2023
The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-25620

Publication date:
19/04/2023
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2023

CVE-2023-25619

Publication date:
19/04/2023
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2022-2507

Publication date:
19/04/2023
In affected versions of Octopus Deploy it is possible to render user-supplied input into the webpage.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025