Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-23581
Publication date:
03/02/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Demo User DZS demo-user-dzs-showcase-your-admin-safely allows Stored XSS.This issue affects Demo User DZS: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-23582
Publication date:
03/02/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haider Ali Bulk Categories Assign bulk-categories-assign allows Reflected XSS.This issue affects Bulk Categories Assign: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-23588
Publication date:
03/02/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in baonguyenyam WOW Best CSS Compiler best-css-compiler allows Reflected XSS.This issue affects WOW Best CSS Compiler: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-23590
Publication date:
03/02/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dezdy.com Dezdy dezdy-mcommerce allows Reflected XSS.This issue affects Dezdy: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-23591
Publication date:
03/02/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blulogistics1 blu Logistics blu-logistics allows Reflected XSS.This issue affects blu Logistics: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-23593
Publication date:
03/02/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha EmailPress emailpress allows Reflected XSS.This issue affects EmailPress: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-23594
Publication date:
03/02/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uzzal Mondal Google Map With Fancybox location-piker allows Reflected XSS.This issue affects Google Map With Fancybox: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-22703
Publication date:
03/02/2025
Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder forge allows Stored XSS.This issue affects Forge – Front-End Page Builder: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-22704
Publication date:
03/02/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abinav Thakuri WordPress Signature wordpress-signature allows Reflected XSS.This issue affects WordPress Signature: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-22775
Publication date:
03/02/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in idiatech Catalog Importer, Scraper & Crawler intelligent-importer allows Reflected XSS.This issue affects Catalog Importer, Scraper & Crawler: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-23491
Publication date:
03/02/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikash Srivastava VSTEMPLATE Creator vstemplate-creator allows Reflected XSS.This issue affects VSTEMPLATE Creator: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2025-23527
Publication date:
03/02/2025
Missing Authorization vulnerability in hemnathmouli WC Wallet wc-wallet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WC Wallet: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026
Subscribe to Vulnerabilities