Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-1760
Publication date:
06/03/2024
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2026

CVE-2024-1220
Publication date:
06/03/2024
A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2025

CVE-2023-49971
Publication date:
06/03/2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list.
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2023-49973
Publication date:
06/03/2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list.
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2023-49974
Publication date:
06/03/2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2025

CVE-2023-49976
Publication date:
06/03/2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2025

CVE-2023-49977
Publication date:
06/03/2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2025

CVE-2023-33677
Publication date:
06/03/2024
Sourcecodester Lost and Found Information System&amp;#39;s Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&amp;id=*".
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2023-38946
Publication date:
06/03/2024
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2025

CVE-2024-22889
Publication date:
06/03/2024
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025

CVE-2024-25817
Publication date:
06/03/2024
Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2024-27278
Publication date:
06/03/2024
OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025
Subscribe to Vulnerabilities