Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-24556
Publication date:
23/01/2026
Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
26/01/2026

CVE-2026-24550
Publication date:
23/01/2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
26/01/2026

CVE-2026-24553
Publication date:
23/01/2026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention For Woocommerce: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
26/01/2026

CVE-2026-24551
Publication date:
23/01/2026
Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
26/01/2026

CVE-2026-24549
Publication date:
23/01/2026
Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a before 2.8.150.
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2026

CVE-2026-24548
Publication date:
23/01/2026
Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
26/01/2026

CVE-2026-24542
Publication date:
23/01/2026
Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2026

CVE-2026-24540
Publication date:
23/01/2026
Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2026

CVE-2026-24541
Publication date:
23/01/2026
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2026

CVE-2026-24543
Publication date:
23/01/2026
Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Companion: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2026

CVE-2026-24544
Publication date:
23/01/2026
Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2026

CVE-2026-24539
Publication date:
23/01/2026
Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos – RGPD: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2026
Subscribe to Vulnerabilities