Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-27437
Publication date:
05/03/2026
Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2026

CVE-2026-27438
Publication date:
05/03/2026
Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2026

CVE-2026-27439
Publication date:
05/03/2026
Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2026

CVE-2026-27411
Publication date:
05/03/2026
Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2026-27541
Publication date:
05/03/2026
Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2026-27388
Publication date:
05/03/2026
Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Booking Manager: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2026

CVE-2026-27389
Publication date:
05/03/2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2026

CVE-2026-27390
Publication date:
05/03/2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2026

CVE-2026-27396
Publication date:
05/03/2026
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2026

CVE-2026-27406
Publication date:
05/03/2026
Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data.This issue affects My Tickets: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2026

CVE-2026-27386
Publication date:
05/03/2026
Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2026-27375
Publication date:
05/03/2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2026
Subscribe to Vulnerabilities