Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-47151

Publication date:

17/04/2024

Improper Neutralization of Special Elements used in an SQL Command (&#39;SQL Injection&#39;) vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

Severity CVSS v4.0: Pending analysis

Last modification:

23/01/2026

CVE-2022-41698

Publication date:

17/04/2024

Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

CVE-2023-51418

Publication date:

17/04/2024

Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

CVE-2024-32531

Publication date:

17/04/2024

Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) vulnerability in Everest themes GuCherry Blog allows Reflected XSS.This issue affects GuCherry Blog: from n/a through 1.1.8.

Severity CVSS v4.0: Pending analysis

Last modification:

12/01/2026

CVE-2024-32530

Publication date:

17/04/2024

Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) vulnerability in PressTigers Simple Testimonials Showcase allows Stored XSS.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

CVE-2024-32510

Publication date:

17/04/2024

Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

CVE-2024-32526

Publication date:

17/04/2024

Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) vulnerability in Flector Easy Textillate allows Stored XSS.This issue affects Easy Textillate: from n/a through 2.02.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

CVE-2024-32527

Publication date:

17/04/2024

Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) vulnerability in Jotform Jotform Online Forms allows Stored XSS.This issue affects Jotform Online Forms: from n/a through 1.3.1.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

CVE-2024-32528

Publication date:

17/04/2024

Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) vulnerability in Seerox WP Dynamic Keywords Injector allows Reflected XSS.This issue affects WP Dynamic Keywords Injector: from n/a through 2.3.18.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

CVE-2024-32529

Publication date:

17/04/2024

Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) vulnerability in Momoyoga Yoga Schedule Momoyoga allows Stored XSS.This issue affects Yoga Schedule Momoyoga: from n/a through 2.7.0.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

CVE-2024-26843

Publication date:

17/04/2024

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size md_size will have been narrowed if we have >= 4GB worth of pages in a soft-reserved region.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2025

CVE-2024-26844

Publication date:

17/04/2024

In the Linux kernel, the following vulnerability has been resolved: block: Fix WARNING in _copy_from_iter Syzkaller reports a warning in _copy_from_iter because an iov_iter is supposedly used in the wrong direction. The reason is that syzcaller managed to generate a request with a transfer direction of SG_DXFER_TO_FROM_DEV. This instructs the kernel to copy user buffers into the kernel, read into the copied buffers and then copy the data back to user space. Thus the iovec is used in both directions. Detect this situation in the block layer and construct a new iterator with the correct direction for the copy-in.

Severity CVSS v4.0: Pending analysis

Last modification:

02/04/2025

Subscribe to Vulnerabilities