Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-46135

Publication date:
25/10/2023
rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8.
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-46150

Publication date:
25/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-46151

Publication date:
25/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-46152

Publication date:
25/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-45832

Publication date:
25/10/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson WP GoToWebinar plugin
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2026

CVE-2023-45833

Publication date:
25/10/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LeadSquared Suite plugin
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-45835

Publication date:
25/10/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin
Severity CVSS v4.0: Pending analysis
Last modification:
28/12/2023

CVE-2023-45837

Publication date:
25/10/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2023

CVE-2023-45844

Publication date:
25/10/2023
The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2024

CVE-2023-45851

Publication date:
25/10/2023
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. <br /> <br /> <br /> This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device
Severity CVSS v4.0: Pending analysis
Last modification:
06/11/2023

CVE-2023-45960

Publication date:
25/10/2023
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2023

CVE-2023-45990

Publication date:
25/10/2023
Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2023