Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-49247

Publication date:
16/10/2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration better-bp-registration allows Authentication Bypass. This issue affects BuddyPress Better Registration: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2024-49257

Publication date:
16/10/2024
Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting azz-anonim-posting allows Upload a Web Shell to a Web Server. This issue affects Azz Anonim Posting: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2024-49271

Publication date:
16/10/2024
Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command Injection. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2023-32196

Publication date:
16/10/2024
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalation.
Severity CVSS v4.0: HIGH
Last modification:
16/10/2024

CVE-2024-10023

Publication date:
16/10/2024
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
21/10/2024

CVE-2024-10024

Publication date:
16/10/2024
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
21/10/2024

CVE-2024-48042

Publication date:
16/10/2024
Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection. This issue affects Contact Form by Supsystic: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2023-32191

Publication date:
16/10/2024
When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2023-32192

Publication date:
16/10/2024
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2023-32193

Publication date:
16/10/2024
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2023-32194

Publication date:
16/10/2024
A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project.
Severity CVSS v4.0: HIGH
Last modification:
16/10/2024

CVE-2020-36841

Publication date:
16/10/2024
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024