Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. The database is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-31114

Publication date:
31/03/2024
Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons. This issue affects Shortcode Addons: from n/a through 3.2.5.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2024

CVE-2023-50959

Publication date:
31/03/2024
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2024

CVE-2024-22353

Publication date:
31/03/2024
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 280400.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2024

CVE-2024-25027

Publication date:
31/03/2024
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-50311

Publication date:
31/03/2024
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages.
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2024

CVE-2017-20191

Publication date:
31/03/2024
A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is bb240ce0c71c01caabaa43eed30c78ba8d7d3591. It is recommended to upgrade the affected component. The identifier VDB-258621 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2020-36828

Publication date:
31/03/2024
A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.4-20210119 is able to address this issue. The name of the patch is 4a9673624f46f7609486778ded9653733020c567. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258612.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2015-10131

Publication date:
31/03/2024
A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258620.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2024-3118

Publication date:
31/03/2024
A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-3117

Publication date:
31/03/2024
A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2025

CVE-2023-46808

Publication date:
31/03/2024
A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2023-41724

Publication date:
31/03/2024
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024