Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-52223

Publication date:

28/02/2024

Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.

Severity CVSS v4.0: Pending analysis

Last modification:

01/04/2025

CVE-2024-24702

Publication date:

28/02/2024

Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict.This issue affects Page Restrict: from n/a through 2.5.5.

Severity CVSS v4.0: Pending analysis

Last modification:

01/04/2025

CVE-2024-24705

Publication date:

28/02/2024

Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6.

Severity CVSS v4.0: Pending analysis

Last modification:

29/02/2024

CVE-2023-6917

Publication date:

28/02/2024

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.

Severity CVSS v4.0: Pending analysis

Last modification:

25/02/2026

CVE-2024-25910

Publication date:

28/02/2024

Improper Neutralization of Special Elements used in an SQL Command (&#39;SQL Injection&#39;) vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.

Severity CVSS v4.0: Pending analysis

Last modification:

10/04/2025

CVE-2024-25927

Publication date:

28/02/2024

Improper Neutralization of Special Elements used in an SQL Command (&#39;SQL Injection&#39;) vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0.

Severity CVSS v4.0: Pending analysis

Last modification:

04/03/2025

CVE-2024-27515

Publication date:

28/02/2024

Osclass 5.1.2 is vulnerable to SQL Injection.

Severity CVSS v4.0: Pending analysis

Last modification:

05/05/2025

CVE-2024-24868

Publication date:

28/02/2024

Improper Neutralization of Special Elements used in an SQL Command (&#39;SQL Injection&#39;) vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager: from n/a through 4.69.

Severity CVSS v4.0: Pending analysis

Last modification:

04/03/2025

CVE-2024-25902

Publication date:

28/02/2024

Improper Neutralization of Special Elements used in an SQL Command (&#39;SQL Injection&#39;) vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2.

Severity CVSS v4.0: Pending analysis

Last modification:

04/03/2025

CVE-2024-21885

Publication date:

28/02/2024

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

Severity CVSS v4.0: Pending analysis

Last modification:

04/11/2025

CVE-2024-21886

Publication date:

28/02/2024

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

Severity CVSS v4.0: Pending analysis

Last modification:

04/11/2025

CVE-2024-1965

Publication date:

28/02/2024

Server-Side Request Forgery vulnerability in Haivision&#39;s Aviwest Manager and Aviwest Steamhub. This vulnerability could allow an attacker to enumerate internal network configuration without the need for credentials. An attacker could compromise an internal server and retrieve requests sent by other users.

Severity CVSS v4.0: Pending analysis

Last modification:

10/04/2025

Subscribe to Vulnerabilities