Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-52402
Publication date:
19/11/2024
Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through 1.1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2024-52420
Publication date:
19/11/2024
Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Disable Admin Notices individually allows Cross Site Request Forgery.This issue affects Disable Admin Notices individually: from n/a through 1.3.5.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2024-52421
Publication date:
19/11/2024
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through 2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2024-51937
Publication date:
19/11/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Information Analytics IA Map Analytics Basic allows DOM-Based XSS.This issue affects IA Map Analytics Basic: from n/a through 20170413.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2024-52388
Publication date:
19/11/2024
Cross-Site Request Forgery (CSRF) vulnerability in Mike “Mikeage” Miller Hebrew Date allows Stored XSS.This issue affects Hebrew Date: from n/a through 2.1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2024-52395
Publication date:
19/11/2024
Missing Authorization vulnerability in QunatumCloud Floating Buttons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Floating Buttons for WooCommerce: from n/a through 2.8.8.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2024-51938
Publication date:
19/11/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows DOM-Based XSS.This issue affects Charity Addon for Elementor: from n/a through 1.3.2.
Severity CVSS v4.0: Pending analysis
Last modification:
31/03/2025

CVE-2024-51932
Publication date:
19/11/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saif Bin-Alam Kings Tab Slider allows DOM-Based XSS.This issue affects Kings Tab Slider: from n/a through 1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2024-51933
Publication date:
19/11/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christian Ladewig Cookie Nonsense for YT allows DOM-Based XSS.This issue affects Cookie Nonsense for YT: from n/a through 1.2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2024-51934
Publication date:
19/11/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uri Lazcano (Urielink) Ekiline Block Collection allows DOM-Based XSS.This issue affects Ekiline Block Collection: from n/a through 1.0.5.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2024-51935
Publication date:
19/11/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sam Perrow Fast Video and Image Display allows DOM-Based XSS.This issue affects Fast Video and Image Display: from n/a through 2.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2024-51936
Publication date:
19/11/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Henry ESB Testimonials allows Stored XSS.This issue affects ESB Testimonials: from n/a through 1.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024
Subscribe to Vulnerabilities