Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-27405
Publication date:
26/03/2025
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable a content security policy in the application settings.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2025

CVE-2025-2820
Publication date:
26/03/2025
An authenticated attacker can compromise the availability of the device via the network
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-30524
Publication date:
26/03/2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog displayproduct allows SQL Injection.This issue affects Product Catalog: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2025-2819
Publication date:
26/03/2025
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-28942
Publication date:
26/03/2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trust Payments Trust Payments Gateway for WooCommerce trust-payments-hosted-payment-pages-integration allows SQL Injection.This issue affects Trust Payments Gateway for WooCommerce: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2025-28924
Publication date:
26/03/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simbul ZenphotoPress zenphotopress allows Reflected XSS.This issue affects ZenphotoPress: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2025-28928
Publication date:
26/03/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Are you robot google recaptcha for wordpress are-you-robot-recaptcha allows Reflected XSS.This issue affects Are you robot google recaptcha for wordpress: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2025-28934
Publication date:
26/03/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaozh Simple Post Series simple-post-series allows Reflected XSS.This issue affects Simple Post Series: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2025-28935
Publication date:
26/03/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Fancybox Plus fancybox-plus allows Reflected XSS.This issue affects Fancybox Plus: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2025-28939
Publication date:
26/03/2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EuroCizia WP Google Calendar Manager wp-gcalendar allows Blind SQL Injection.This issue affects WP Google Calendar Manager: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2025-28898
Publication date:
26/03/2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows SQL Injection.This issue affects WP Multistore Locator: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2025-28899
Publication date:
26/03/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toddhuish WP Event Ticketing wpeventticketing allows Reflected XSS.This issue affects WP Event Ticketing: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026
Subscribe to Vulnerabilities