Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-45052

Publication date:
12/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2023

CVE-2023-45058

Publication date:
12/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2023

CVE-2023-45060

Publication date:
12/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2023

CVE-2023-45063

Publication date:
12/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2023

CVE-2023-23651

Publication date:
12/10/2023
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2023

CVE-2023-23737

Publication date:
12/10/2023
Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2023

CVE-2023-43789

Publication date:
12/10/2023
A vulnerability was found in libXpm due to a boundary condition: a local user can trigger an out-of-bounds read error and read the contents of memory on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2023-5045

Publication date:
12/10/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-5046

Publication date:
12/10/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023

CVE-2023-5555

Publication date:
12/10/2023
Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2023

CVE-2023-5556

Publication date:
12/10/2023
Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2023

CVE-2023-5554

Publication date:
12/10/2023
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.
Severity CVSS v4.0: Pending analysis
Last modification:
17/10/2023