Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion, this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-29027

Publication date:
19/03/2024
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-28303

Publication date:
19/03/2024
Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2024

CVE-2024-29094

Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS. This issue affects HT Easy GA4 ( Google Analytics 4 ): from n/a through 1.1.7.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-2307

Publication date:
19/03/2024
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2024

CVE-2024-2442

Publication date:
19/03/2024
Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-2545

Publication date:
19/03/2024
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1730. Reason: This candidate is a duplicate of CVE-2024-1730. Notes: All CVE users should reference CVE-2024-1730 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2024

CVE-2024-29091

Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dnesscarkey WP Armour – Honeypot Anti Spam allows Reflected XSS. This issue affects WP Armour – Honeypot Anti Spam: from n/a through 2.1.13.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-29093

Publication date:
19/03/2024
Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort. This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-29092

Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through 2.4.3.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2024-27997

Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualcomposer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.6.0.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-27998

Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-29089

Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS. This issue affects Five Star Restaurant Menu: from n/a through 2.4.14.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024