Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-2545
Publication date:
19/03/2024
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1730. Reason: This candidate is a duplicate of CVE-2024-1730. Notes: All CVE users should reference CVE-2024-1730 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2024

CVE-2024-29094
Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS.This issue affects HT Easy GA4 ( Google Analytics 4 ): from n/a through 1.1.7.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2026

CVE-2024-29091
Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Dnesscarkey WP Armour – Honeypot Anti Spam allows Reflected XSS.This issue affects WP Armour – Honeypot Anti Spam: from n/a through 2.1.13.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-29092
Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2024-29093
Publication date:
19/03/2024
Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-27996
Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 4.0.5.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2024-27997
Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Visualcomposer Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through 45.6.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-27998
Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in UkrSolution Barcode Scanner with Inventory &amp; Order Manager allows Reflected XSS.This issue affects Barcode Scanner with Inventory &amp; Order Manager: from n/a through 1.5.3.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2024-29089
Publication date:
19/03/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS.This issue affects Five Star Restaurant Menu: from n/a through 2.4.14.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2024

CVE-2023-4426
Publication date:
19/03/2024
Rejected reason: **REJECT** Not a valid security issue - vendor unable to replicate.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2024

CVE-2024-21677
Publication date:
19/03/2024
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.<br /> <br /> Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version.<br /> <br /> If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html<br /> <br /> You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. <br /> <br /> This vulnerability was reported via our Bug Bounty program.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2023-44092
Publication date:
19/03/2024
Improper Neutralization of Special Elements used in an OS Command (&amp;#39;OS Command Injection&amp;#39;) vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issue affects Pandora FMS: from 700 through
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2025
Subscribe to Vulnerabilities