Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-50466
Publication date:
19/12/2023
An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2023

CVE-2023-49764
Publication date:
19/12/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Advanced Database Cleaner.This issue affects Advanced Database Cleaner: from n/a through 3.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-49812
Publication date:
19/12/2023
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-49750
Publication date:
19/12/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-48327
Publication date:
19/12/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-48738
Publication date:
19/12/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porto Theme Porto Theme - Functionality.This issue affects Porto Theme - Functionality: from n/a before 2.12.1.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-48741
Publication date:
19/12/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.This issue affects AI ChatBot: from n/a through 4.7.8.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-48764
Publication date:
19/12/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks.This issue affects WordPress Brute Force Protection – Stop Brute Force Attacks: from n/a through 2.2.5.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-35883
Publication date:
19/12/2023
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-37982
Publication date:
19/12/2023
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-43826
Publication date:
19/12/2023
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.<br /> <br /> Users are recommended to upgrade to version 1.5.4, which fixes this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-41648
Publication date:
19/12/2023
URL Redirection to Untrusted Site (&amp;#39;Open Redirect&amp;#39;) vulnerability in Swapnil V. Patil Login and Logout Redirect.This issue affects Login and Logout Redirect: from n/a through 2.0.3.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026
Subscribe to Vulnerabilities