Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-46779
Publication date:
06/11/2023
Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-46780
Publication date:
06/11/2023
Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-46781
Publication date:
06/11/2023
Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-47186
Publication date:
06/11/2023
Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-5823
Publication date:
06/11/2023
Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2025

CVE-2023-46775
Publication date:
06/11/2023
Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2023-47185
Publication date:
06/11/2023
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-4996
Publication date:
06/11/2023
Netskope was made aware of a security vulnerability in its NSClient product for version 100 &amp; prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-5090
Publication date:
06/11/2023
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2023-5825
Publication date:
06/11/2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2025

CVE-2023-5831
Publication date:
06/11/2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2024

CVE-2023-46783
Publication date:
06/11/2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2024
Subscribe to Vulnerabilities