Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-4541
Publication date:
29/12/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Ween Software Admin Panel allows SQL Injection.This issue affects Admin Panel: through 20231229. <br /> <br /> NOTE: The vendor was contacted early about this disclosure but did not respond in any way.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2024

CVE-2023-4674
Publication date:
29/12/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: through 20231229. <br /> <br /> NOTE: The vendor was contacted early about this disclosure but did not respond in any way.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2024

CVE-2023-4675
Publication date:
29/12/2023
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in GM Information Technologies MDO allows SQL Injection.This issue affects MDO: through 20231229. <br /> <br /> NOTE: The vendor was contacted early about this disclosure but did not respond in any way.<br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/01/2024

CVE-2023-50570
Publication date:
29/12/2023
An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This is disputed because an infinite loop occurs only for cases in which the developer supplies invalid arguments. The product is not intended to always halt for contrived inputs.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2024

CVE-2023-50571
Publication date:
29/12/2023
easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule.
Severity CVSS v4.0: Pending analysis
Last modification:
05/01/2024

CVE-2023-51675
Publication date:
29/12/2023
URL Redirection to Untrusted Site (&amp;#39;Open Redirect&amp;#39;) vulnerability in AAM Advanced Access Manager – Restricted Content, Users &amp; Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users &amp; Roles, Enhanced Security and More: from n/a through 6.9.18.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-51419
Publication date:
29/12/2023
Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-51421
Publication date:
29/12/2023
Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-51468
Publication date:
29/12/2023
Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-51473
Publication date:
29/12/2023
Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-51475
Publication date:
29/12/2023
Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-51410
Publication date:
29/12/2023
Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026
Subscribe to Vulnerabilities