Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-13240

Publication date:
10/07/2026
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-13241

Publication date:
10/07/2026
Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-13242

Publication date:
10/07/2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Geolocation Field allows SQL Injection. This issue affects Geolocation Field versions: from 0.0.0 to 3.15.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-13243

Publication date:
10/07/2026
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-13244

Publication date:
10/07/2026
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-15079

Publication date:
10/07/2026
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable allows Brute Force. This issue affects Login Disable versions: from 0.0.0 to 2.1.4.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-15080

Publication date:
10/07/2026
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-15081

Publication date:
10/07/2026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-15082

Publication date:
10/07/2026
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting (XSS). This issue affects Siteimprove Analytics versions: from 0.0.0 to 2.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-12535

Publication date:
10/07/2026
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-13231

Publication date:
10/07/2026
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Stored XSS. This issue affects Advanced Content Feedback (aka admin_feedback) versions: from 0.0.0 to 2.8.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026

CVE-2026-13232

Publication date:
10/07/2026
Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Forceful Browsing. This issue affects Advanced Content Feedback (aka admin_feedback) versions: from 0.0.0 to 2.8.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2026