Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-51533
Publication date:
28/02/2024
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2025

CVE-2024-1847
Publication date:
28/02/2024
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.
Severity CVSS v4.0: Pending analysis
Last modification:
02/09/2024

CVE-2024-26342
Publication date:
28/02/2024
A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2025

CVE-2024-27103
Publication date:
28/02/2024
Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the "query auto-suggestion" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-52226
Publication date:
28/02/2024
Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.This issue affects Advanced Flamingo: from n/a through 1.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2025

CVE-2024-0560
Publication date:
28/02/2024
A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed on RH-SSO 7.5. As a result, the policy doesn&amp;#39;t inspect tokens, it determines that all tokens are valid.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025

CVE-2024-21749
Publication date:
28/02/2024
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all.This issue affects 1 click disable all: from n/a through 1.0.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2025

CVE-2023-51681
Publication date:
28/02/2024
Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration &amp; Backup Plugin.This issue affects Duplicator – WordPress Migration &amp; Backup Plugin: from n/a through 1.5.7.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
29/02/2024

CVE-2023-51683
Publication date:
28/02/2024
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal &amp; Stripe Buy Now Button.This issue affects Easy PayPal &amp; Stripe Buy Now Button: from n/a through 1.8.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2023-52223
Publication date:
28/02/2024
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-24702
Publication date:
28/02/2024
Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz &amp; Andy Stratton Page Restrict.This issue affects Page Restrict: from n/a through 2.5.5.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-24705
Publication date:
28/02/2024
Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
29/02/2024
Subscribe to Vulnerabilities