Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-47663
Publication date:
04/06/2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Menno Luitjes Foyer allows Code Injection.This issue affects Foyer: from n/a through 1.7.5.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2024

CVE-2023-47769
Publication date:
04/06/2024
Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through 6.1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2024

CVE-2023-47818
Publication date:
04/06/2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LWS Hide Login: from n/a through 2.1.8.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2024

CVE-2023-45635
Publication date:
04/06/2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection.This issue affects Responsive Tabs: from n/a before 4.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2024

CVE-2023-46310
Publication date:
04/06/2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code Injection.This issue affects wpDiscuz: from n/a through 7.6.10.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2025

CVE-2023-46630
Publication date:
04/06/2024
Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2024

CVE-2023-45053
Publication date:
04/06/2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through 1.3.3.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2024

CVE-2023-45009
Publication date:
04/06/2024
Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass.This issue affects Captcha/Honeypot for Contact Form 7: from n/a through 1.11.3.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2024

CVE-2023-5751
Publication date:
04/06/2024
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. <br />
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-4581
Publication date:
04/06/2024
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin&amp;#39;s Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied &amp;#39;class&amp;#39;, &amp;#39;id&amp;#39;, and &amp;#39;title&amp;#39; attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation of this vulnerability requires an Administrator to give Slider Creation privileges to Author-level users.
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2025

CVE-2024-5000
Publication date:
04/06/2024
An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2024

CVE-2024-5420
Publication date:
04/06/2024
Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below.
Severity CVSS v4.0: HIGH
Last modification:
08/10/2025
Subscribe to Vulnerabilities